fc97497a79f9ff3b5591c93d67fb91833a46b31048d9ee7bab92ba1681217e50

Analysis

max time kernel
11s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 12:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
Size

777KB
MD5

ec7dd24fb0f4c4415295cd9cee97c850
SHA1

c88b0df68e14048c36f4686eb166754bb1d13036
SHA256

fc97497a79f9ff3b5591c93d67fb91833a46b31048d9ee7bab92ba1681217e50
SHA512

986fd73e2fe17ef1244b249911a2c10c676c1a45a682c7f40a597b200e9ea52643f85d2a64c8cdb10fdcab35fabd2924cdd936caf9f95589a9d0909c14058bc5
SSDEEP

12288:dXCNi9BQmd9nT6WgGS0pNsWg5XNQ2bpBCZtl9nY1yye49+s8DXDr/fV7uOUx41C:oWQuppaWg5XiZQjo5xzg4c

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\T:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\W:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\K:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\O:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\J:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\U:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\I:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\L:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\M:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\P:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\V:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\A:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\H:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\X:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\G:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\N:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\R:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\B:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File opened (read-only)	\??\E:	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\trambling [free] cock .zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\fucking [milf] .avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie [milf] titts leather .mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob licking .mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\italian fetish blowjob hot (!) shower .mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\american cumshot sperm catfight bondage .avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\sperm licking hole swallow .mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lingerie licking .mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american action blowjob catfight .rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\brasilian cumshot fucking public cock .mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\american action hardcore public cock .zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese action horse catfight (Sylvia).mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\american porn beast public traffic .zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\swedish handjob fucking hot (!) feet (Sandy,Melissa).avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\danish porn gay hidden (Curtney).mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black kicking lingerie [bangbus] fishy .zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian sleeping leather .zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\russian cum blowjob girls blondie .mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\japanese beastiality gay full movie .rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\danish cumshot trambling lesbian cock .zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\swedish handjob beast hidden hole .mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian cum lesbian sleeping leather .rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse big beautyfull .rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\swedish animal trambling public bondage .avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish cum bukkake masturbation feet beautyfull .mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\spanish gay public glans YEâPSè& (Curtney).rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\nude beast voyeur sweet (Jenna,Jade).mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\fucking hidden feet beautyfull .zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\tyrkish action gay full movie (Liz).avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish fetish fucking [milf] feet gorgeoushorny .zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe

Drops file in Windows directory 48 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese gang bang horse uncut glans 40+ (Samantha).rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish gang bang gay public glans mature .rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\japanese fetish gay girls titts black hairunshaved (Karin).mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\indian beastiality hardcore lesbian shoes .rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\xxx masturbation cock beautyfull .avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\trambling big fishy (Ashley,Tatjana).avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\swedish cumshot lesbian full movie mistress .mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\swedish fetish lesbian girls cock mature .mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\fucking catfight (Curtney).zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\chinese sperm lesbian fishy .mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\tyrkish kicking horse [milf] (Jade).mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish horse trambling uncut leather (Kathrin,Tatjana).mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\russian fetish fucking [bangbus] cock upskirt .avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\sperm licking titts high heels (Sylvia).avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\cum horse lesbian (Melissa).zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\swedish cum trambling [bangbus] mistress .mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\brasilian cum xxx girls feet mature (Curtney).avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\trambling public hole .rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\tyrkish porn sperm [free] cock .rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\norwegian hardcore lesbian cock high heels .mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\chinese sperm several models sweet .avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\brasilian kicking blowjob uncut glans (Christine,Tatjana).avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\russian action fucking catfight hairy .avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\brasilian beastiality lingerie [milf] black hairunshaved .mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian gang bang horse several models .avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\danish cum blowjob girls penetration .mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\beast catfight wifey (Ashley,Tatjana).avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\british xxx catfight feet .rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\blowjob licking feet fishy (Samantha).mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\security\templates\russian fetish gay public redhair .avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\horse uncut pregnant .mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\blowjob voyeur (Melissa).rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\kicking beast sleeping Ôï (Ashley,Curtney).rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\sperm lesbian .rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian gang bang trambling masturbation latex .mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese horse hardcore licking glans leather (Liz).rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\xxx [free] shoes .zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\indian nude fucking full movie stockings (Christine,Janette).mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\porn fucking catfight penetration .mpeg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\trambling [free] titts leather (Tatjana).mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie girls .avi.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\french lingerie lesbian cock .rar.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\tyrkish beastiality lesbian [free] lady (Christine,Sylvia).zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\norwegian fucking hidden girly (Sonja,Karin).mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\hardcore public feet .mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\action horse [bangbus] lady .mpg.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\lingerie masturbation shower .zip.exe	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 54 IoCs

pid	Process
4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4000	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
3284	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
3284	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4000	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4948	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4948	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
2116	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
2116	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
3644	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
3644	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
2724	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
2724	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
3284	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
3284	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4000	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4000	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
2324	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
2324	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4348	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4348	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4904	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4904	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4948	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4948	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
2124	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
2124	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
3444	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
3444	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
3284	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
3284	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
2116	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
2116	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4000	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
4000	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
2728	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
2728	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 54 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 1312	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	86
PID 4816 wrote to memory of 1312	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	86
PID 4816 wrote to memory of 1312	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	86
PID 4816 wrote to memory of 3284	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	91
PID 4816 wrote to memory of 3284	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	91
PID 4816 wrote to memory of 3284	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	91
PID 1312 wrote to memory of 4000	1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	92
PID 1312 wrote to memory of 4000	1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	92
PID 1312 wrote to memory of 4000	1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	92
PID 1312 wrote to memory of 4948	1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	93
PID 1312 wrote to memory of 4948	1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	93
PID 1312 wrote to memory of 4948	1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	93
PID 4816 wrote to memory of 2116	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	94
PID 4816 wrote to memory of 2116	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	94
PID 4816 wrote to memory of 2116	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	94
PID 4000 wrote to memory of 3644	4000	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	95
PID 4000 wrote to memory of 3644	4000	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	95
PID 4000 wrote to memory of 3644	4000	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	95
PID 3284 wrote to memory of 2724	3284	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	96
PID 3284 wrote to memory of 2724	3284	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	96
PID 3284 wrote to memory of 2724	3284	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	96
PID 4816 wrote to memory of 2324	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	98
PID 4816 wrote to memory of 2324	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	98
PID 4816 wrote to memory of 2324	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	98
PID 1312 wrote to memory of 4348	1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	99
PID 1312 wrote to memory of 4348	1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	99
PID 1312 wrote to memory of 4348	1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	99
PID 4948 wrote to memory of 4904	4948	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	100
PID 4948 wrote to memory of 4904	4948	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	100
PID 4948 wrote to memory of 4904	4948	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	100
PID 3284 wrote to memory of 2728	3284	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	101
PID 3284 wrote to memory of 2728	3284	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	101
PID 3284 wrote to memory of 2728	3284	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	101
PID 4000 wrote to memory of 2124	4000	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	102
PID 4000 wrote to memory of 2124	4000	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	102
PID 4000 wrote to memory of 2124	4000	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	102
PID 2116 wrote to memory of 3444	2116	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	103
PID 2116 wrote to memory of 3444	2116	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	103
PID 2116 wrote to memory of 3444	2116	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	103
PID 3644 wrote to memory of 1680	3644	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	104
PID 3644 wrote to memory of 1680	3644	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	104
PID 3644 wrote to memory of 1680	3644	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	104
PID 2724 wrote to memory of 3260	2724	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	105
PID 2724 wrote to memory of 3260	2724	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	105
PID 2724 wrote to memory of 3260	2724	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	105
PID 1312 wrote to memory of 1760	1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	107
PID 1312 wrote to memory of 1760	1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	107
PID 1312 wrote to memory of 1760	1312	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	107
PID 4816 wrote to memory of 3928	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	108
PID 4816 wrote to memory of 3928	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	108
PID 4816 wrote to memory of 3928	4816	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	108
PID 4948 wrote to memory of 3144	4948	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	109
PID 4948 wrote to memory of 3144	4948	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	109
PID 4948 wrote to memory of 3144	4948	ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe	109

C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1312
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        8⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        8⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        8⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:17420
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:17832
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:12560
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:17732
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:12452
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:9184
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:15616
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:17808
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:15600
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:15168
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:14056
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:3740
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:17404
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:16680
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:16636
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:16008
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:10644
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:14988
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:16224
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:15984
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:16000
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:10532
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:14996
- C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3284
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        7⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:13636
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:13688
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:17428
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:18144
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:11992
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:16740
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:11184
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:14980
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:13356
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:12888
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:18416
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:16176
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:12096
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:17084
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:17228
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:11820
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:16416
- C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:452
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        6⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:15004
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:12820
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:1632
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:13960
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:13472
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:12812
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:5828
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:16072
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:15312
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:12220
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:17056
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:17324
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:11828
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:16524
- C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:468
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:13776
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:14544
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:14360
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:15420
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:12116
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:17740
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:17068
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:11932
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:16664
- C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
  2⤵
  PID:3928
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
        5⤵
        
        PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:10524
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:14576
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:11960
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:16748
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:8204
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:16016
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:10752
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:15088
- C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
  2⤵
  PID:5220
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:17548
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:8692
  - - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
      4⤵
      PID:16840
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:12268
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:17048
- C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
  2⤵
  PID:6348
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:11968
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:16672
- C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
  2⤵
  PID:7796
- - C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
    3⤵
    PID:15388
- C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
  2⤵
  PID:10488
- C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ec7dd24fb0f4c4415295cd9cee97c850_NeikiAnalytics.exe"
  2⤵
  PID:14816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black kicking lingerie [bangbus] fishy .zip.exe

Filesize
903KB

MD5
33b634a6d5a95a9bd3b75f337a0edaa8

SHA1
a62c65c133dd03d10d2df947c10fa8f684989d5b

SHA256
827b9e53aea442a6cef9a5aa82ecfb979bd59e53e3ba3e4874f320d628946f7c

SHA512
704ea3cff0ac09baa8f33b42892b345ccd85bf515f08a66c3cfe60309c748ebdf54d53e7c40f8e4d7fdf9c38595f7866a7ab581b43c2588620b65c093304ad4e

Download Submit
memory/380-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/452-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1000-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1312-31-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1312-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1680-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1760-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2116-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2124-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2324-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2480-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2520-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3144-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3260-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3284-141-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3444-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3644-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3724-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4000-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4068-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4220-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4348-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4480-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4520-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4660-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4664-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4692-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4816-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4816-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4904-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4948-161-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4948-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5164-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5220-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5408-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5508-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5524-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5580-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5752-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5784-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5948-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6028-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6152-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6160-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6168-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6212-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6340-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6348-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6356-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6532-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6576-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6624-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6688-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6720-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6740-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6756-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6764-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6888-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7028-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7036-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7064-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7112-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7132-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7148-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7512-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7532-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7540-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7572-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7580-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7724-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7760-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7768-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7776-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8132-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8204-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8212-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8220-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8360-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8384-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8496-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8564-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8588-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8664-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8684-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8692-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8700-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9172-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9236-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9392-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9496-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9652-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9764-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9772-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9784-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9856-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9868-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download