c15c7ccd3f4a2b6f0f212bd3ea43887956187bfe1353d74d5476c4cef20c02c4

Analysis

max time kernel
15s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 15:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Size

450KB
MD5

ed3482be0c75c31ee4475f7bac019320
SHA1

7c824852692f26e568f1d5bf6b37ace64ca6992e
SHA256

c15c7ccd3f4a2b6f0f212bd3ea43887956187bfe1353d74d5476c4cef20c02c4
SHA512

f15da5d6579ee4dc86d81f06bbec62edc19641a02606e3602ccf1eda6fb1bcc021c7397039941fed331ebfcf14fafb42b5819d2836fc39f89365435bd63ad88c
SSDEEP

12288:NPKL+qcWf+n6a9WZrduKQCALArJkHW36Q:NSLDf+n6aQVduKQCRcW3Z

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4560-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x0007000000023421-5.dat	upx
behavioral2/memory/432-86-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4204-160-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4768-161-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2388-180-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4572-181-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4476-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2168-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4848-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3772-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1560-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3612-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1084-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/640-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1760-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4560-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/432-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4768-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4204-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2388-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3088-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/920-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4476-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2168-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4572-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4848-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1916-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4468-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4936-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1628-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5012-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3612-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3772-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/640-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1084-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1560-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5244-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1916-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3088-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5356-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5348-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5340-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4932-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5324-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1760-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5364-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5300-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1040-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5316-220-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5292-219-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5280-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5268-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5124-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5260-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1368-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5012-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6184-246-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6168-245-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6160-244-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5440-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5496-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5420-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5276-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\B:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\L:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\N:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\V:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\X:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\I:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\P:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\U:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\E:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\H:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\O:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\R:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\S:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\G:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\J:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\K:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\M:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\T:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\W:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore voyeur (Samantha).mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian porn fucking sleeping redhair .rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lingerie catfight penetration (Gina,Tatjana).mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake licking stockings (Christine,Tatjana).mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\russian kicking trambling [free] mistress .avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian beastiality xxx hidden titts ejaculation (Sylvia).mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\beast [milf] hole .avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian cumshot trambling sleeping (Liz).zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish porn lingerie sleeping cock .mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish porn lingerie public black hairunshaved .mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\danish gang bang horse voyeur hole latex .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish horse lingerie big hole sm (Karin).rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish cum sperm full movie titts blondie .mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian fetish lingerie catfight (Janette).zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\bukkake voyeur 50+ .mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast lesbian cock wifey (Tatjana).mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\italian fetish bukkake several models .avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese kicking blowjob uncut cock .avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\british lingerie several models 40+ .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\lingerie hidden hole bedroom .rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\gay several models cock .mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\fucking uncut stockings .rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian handjob lingerie lesbian cock (Jenna,Karin).mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian animal bukkake [milf] feet (Ashley,Sarah).avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\american cum xxx voyeur .mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\tyrkish animal fucking masturbation titts swallow (Jade).zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\danish fetish gay licking YEâPSè& .mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\lesbian sleeping titts ejaculation .mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\xxx full movie .rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\horse several models feet bondage .rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\danish animal blowjob hidden latex .avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\african fucking [free] feet sm .mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\lingerie public .avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\chinese bukkake [bangbus] YEâPSè& .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\bukkake voyeur (Tatjana).mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\nude beast hot (!) hotel .mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\tyrkish handjob beast sleeping glans wifey (Karin).mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\italian horse horse uncut (Janette).mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\indian fetish hardcore full movie feet latex .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\beast public feet ¼ë .mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese animal xxx masturbation titts pregnant (Samantha).mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\russian handjob horse [free] (Sarah).rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\lesbian voyeur high heels .avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\russian beastiality hardcore voyeur (Curtney).mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian nude hardcore full movie titts .rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\gang bang lingerie catfight glans .avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\asian bukkake big YEâPSè& .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\indian animal horse public titts (Gina,Liz).mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\danish animal blowjob lesbian titts lady (Janette).mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\trambling hot (!) mature .rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\swedish kicking gay big beautyfull .rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\spanish trambling [bangbus] leather (Christine,Curtney).rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\gang bang lingerie big glans penetration (Samantha).zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\british beast hidden .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\chinese lesbian sleeping hole shoes .avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\lesbian full movie (Samantha).rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\fetish trambling masturbation femdom .rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\indian action trambling [milf] fishy .mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\malaysia trambling masturbation feet gorgeoushorny .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\french fucking masturbation (Curtney).mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish beastiality xxx [bangbus] blondie .mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\american cum lesbian [free] high heels (Anniston,Samantha).zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\trambling lesbian feet stockings .mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian cumshot sperm [milf] glans boots .rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\italian animal bukkake big Ôï .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\british xxx girls hole high heels .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\kicking hardcore several models hole YEâPSè& .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\horse beast full movie lady .avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\indian nude hardcore voyeur feet granny (Curtney).mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\animal xxx uncut hole .mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\canadian fucking girls .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\hardcore sleeping titts .mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\beast [free] cock ash .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\animal trambling sleeping titts .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\french gay public feet .rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\french gay big (Sarah).mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\african beast full movie 50+ .avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\chinese gay full movie hole sm (Tatjana).rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\handjob gay hidden (Tatjana).avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\indian fetish sperm big redhair .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\spanish lesbian [bangbus] (Melissa).mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\sperm masturbation ejaculation (Ashley,Janette).mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\french bukkake [milf] high heels .mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\danish handjob sperm big feet pregnant (Tatjana).mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\danish animal horse hidden traffic .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\beast voyeur glans .mpg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\german trambling sleeping titts bondage .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\cumshot fucking catfight (Sarah).mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\tyrkish fetish blowjob lesbian titts .zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\hardcore uncut feet .mpeg.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\trambling [bangbus] glans .avi.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\porn sperm hidden bondage (Jenna,Sylvia).rar.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\spanish sperm hot (!) (Samantha).zip.exe	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
2388	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
2388	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4572	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4572	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
2168	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
2168	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4476	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4476	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4848	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4848	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
3772	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
3772	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
2388	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
2388	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
1628	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
1628	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
1560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
1560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
3612	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
3612	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
1084	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
1084	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
640	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
640	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4572	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4572	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4476	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
4476	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
1760	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
1760	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
2168	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
2168	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
3248	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
3248	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 432	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	89
PID 4560 wrote to memory of 432	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	89
PID 4560 wrote to memory of 432	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	89
PID 4560 wrote to memory of 4204	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	90
PID 4560 wrote to memory of 4204	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	90
PID 4560 wrote to memory of 4204	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	90
PID 432 wrote to memory of 4768	432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	91
PID 432 wrote to memory of 4768	432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	91
PID 432 wrote to memory of 4768	432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	91
PID 4560 wrote to memory of 2388	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	97
PID 4560 wrote to memory of 2388	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	97
PID 4560 wrote to memory of 2388	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	97
PID 4768 wrote to memory of 4572	4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	98
PID 4768 wrote to memory of 4572	4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	98
PID 4768 wrote to memory of 4572	4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	98
PID 432 wrote to memory of 4476	432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	99
PID 432 wrote to memory of 4476	432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	99
PID 432 wrote to memory of 4476	432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	99
PID 4204 wrote to memory of 2168	4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	100
PID 4204 wrote to memory of 2168	4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	100
PID 4204 wrote to memory of 2168	4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	100
PID 2388 wrote to memory of 4848	2388	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	103
PID 2388 wrote to memory of 4848	2388	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	103
PID 2388 wrote to memory of 4848	2388	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	103
PID 4560 wrote to memory of 3772	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	104
PID 4560 wrote to memory of 3772	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	104
PID 4560 wrote to memory of 3772	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	104
PID 4768 wrote to memory of 3612	4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	105
PID 4768 wrote to memory of 3612	4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	105
PID 4768 wrote to memory of 3612	4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	105
PID 4204 wrote to memory of 1628	4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	106
PID 4204 wrote to memory of 1628	4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	106
PID 4204 wrote to memory of 1628	4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	106
PID 432 wrote to memory of 1560	432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	107
PID 432 wrote to memory of 1560	432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	107
PID 432 wrote to memory of 1560	432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	107
PID 4572 wrote to memory of 1084	4572	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	108
PID 4572 wrote to memory of 1084	4572	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	108
PID 4572 wrote to memory of 1084	4572	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	108
PID 4476 wrote to memory of 640	4476	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	109
PID 4476 wrote to memory of 640	4476	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	109
PID 4476 wrote to memory of 640	4476	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	109
PID 2168 wrote to memory of 1760	2168	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	110
PID 2168 wrote to memory of 1760	2168	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	110
PID 2168 wrote to memory of 1760	2168	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	110
PID 2388 wrote to memory of 3248	2388	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	112
PID 2388 wrote to memory of 3248	2388	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	112
PID 2388 wrote to memory of 3248	2388	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	112
PID 4560 wrote to memory of 688	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	113
PID 4560 wrote to memory of 688	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	113
PID 4560 wrote to memory of 688	4560	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	113
PID 4768 wrote to memory of 4932	4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	114
PID 4768 wrote to memory of 4932	4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	114
PID 4768 wrote to memory of 4932	4768	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	114
PID 4848 wrote to memory of 4108	4848	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	115
PID 4848 wrote to memory of 4108	4848	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	115
PID 4848 wrote to memory of 4108	4848	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	115
PID 432 wrote to memory of 920	432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	116
PID 432 wrote to memory of 920	432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	116
PID 432 wrote to memory of 920	432	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	116
PID 4204 wrote to memory of 3088	4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	117
PID 4204 wrote to memory of 3088	4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	117
PID 4204 wrote to memory of 3088	4204	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	117
PID 4572 wrote to memory of 4936	4572	ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe	118

C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:432
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        9⤵
        
        PID:26488
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        9⤵
        
        PID:22716
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:22604
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:21564
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:18544
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:22004
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:17228
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:22684
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:19540
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:16836
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:22068
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:22504
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:21960
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:22532
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:21596
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16752
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22012
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:22520
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22636
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:21952
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:21732
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:16980
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:22368
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:22160
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:17812
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16732
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22588
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:19572
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:21708
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:12460
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22700
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:19948
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:19768
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:19508
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:21724
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:19296
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:26228
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:21696
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:21768
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16572
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:19244
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:17156
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:21748
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        8⤵
        
        PID:24516
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:21988
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:26168
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:24544
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16804
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:22596
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17132
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22384
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:20124
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:19492
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22548
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:21980
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22744
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:21996
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:21716
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22328
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:21968
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:9136
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:11824
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:19940
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:21944
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17388
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:21776
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16844
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22020
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22564
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22620
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22180
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:12484
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:11664
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:19944
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:26192
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22344
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:8536
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22200
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22036
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:9656
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:16564
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:19732
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:26144
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:21604
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:16820
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22668
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:4004
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:12452
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:17164
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:21740
- C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4204
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:22424
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:21704
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:14792
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16788
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22392
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:17416
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:21580
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:24524
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:19720
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:26200
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:22724
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22556
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22752
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22232
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:22760
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:21612
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16828
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22224
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22252
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22192
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:19204
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22916
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22580
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:12420
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:16604
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:19280
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:26184
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        7⤵
        
        PID:18540
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22240
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22448
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:21572
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:18396
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16588
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:19796
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:26176
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22612
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:17028
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22496
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22044
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22540
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:18668
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:15000
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22440
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17432
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:21936
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:12936
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:16948
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22244
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:12244
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22644
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:3080
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:12468
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:17180
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:21784
- C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:19304
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:26136
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22432
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16780
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22456
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:17052
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:22692
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22204
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16996
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22320
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:12388
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22360
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22352
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17316
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22260
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:10664
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:15016
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22376
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16504
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22028
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:19208
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:16548
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22052
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22732
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:16956
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22060
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:9200
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:12392
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:17124
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:22628
- C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3772
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        6⤵
        
        PID:748
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16556
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:19288
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:22512
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:24224
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:17888
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22652
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:26152
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
        5⤵
        
        PID:24232
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22660
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:12436
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:17148
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:21760
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:9312
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:12404
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:17068
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:22572
- C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
  2⤵
  PID:688
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:17212
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:21792
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:17308
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:22188
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:16728
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:12552
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:16860
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:22168
- C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
  2⤵
  PID:5380
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:21588
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
      4⤵
      PID:18612
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:14292
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:16812
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:22216
- C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
  2⤵
  PID:7112
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:13632
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:16964
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:22336
- C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
  2⤵
  PID:8368
- - C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
    3⤵
    PID:19916
- C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
  2⤵
  PID:10524
- C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
  2⤵
  PID:17020
- C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ed3482be0c75c31ee4475f7bac019320_NeikiAnalytics.exe"
  2⤵
  PID:22676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\fucking uncut stockings .rar.exe

Filesize
191KB

MD5
4ee800182f701c2533d1396e9cccd3a2

SHA1
812d3796cb0f69cb00f823ec5364e03a55df7e0a

SHA256
fd02aa46484b4ebd56e865fb9b9fa808f7bd1eba788240274856d8d42660cdec

SHA512
28adfab84e6a05bc0ade20c172df9a4ca528129f0203e4b6d7e39492a196383de3d92172956505fafe235bac5a4b4d9a64f933183a280f831c08bbf0ce7b4f1d

Download Submit
memory/432-86-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/432-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/640-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/640-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/920-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1040-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1084-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1084-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1368-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1560-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1560-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1628-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1760-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1760-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1916-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1916-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2168-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2168-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2388-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2388-180-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3088-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3088-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3612-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3612-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3772-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3772-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4204-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4204-160-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4468-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4476-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4476-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4560-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4560-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4572-181-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4572-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4768-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4768-161-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4848-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4848-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4932-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4936-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5012-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5012-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5124-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5244-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5260-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5268-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5268-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5276-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5280-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5280-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5288-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5292-219-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5292-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5300-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5308-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5316-220-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5316-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5324-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5324-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5332-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5340-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5348-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5348-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5356-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5356-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5364-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5364-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5388-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5420-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5440-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5496-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5552-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6152-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6160-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6168-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6176-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6184-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6192-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6200-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6208-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6312-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6876-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6996-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7004-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7012-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7056-276-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7064-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7072-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7088-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7104-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7112-272-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7120-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7128-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7144-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7164-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download