35352693c398fc44d1b83ee031ae044109a6a4103593c86fb4085ea8eb7123d1

Analysis

max time kernel
16s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Size

1.9MB
MD5

aac6fa615b2ebc26506c710d97ee2480
SHA1

f3c1bc9ad5dacfe76b252fc0414b03d04a9a7c2a
SHA256

35352693c398fc44d1b83ee031ae044109a6a4103593c86fb4085ea8eb7123d1
SHA512

79efd0d0c97f5b766d29d2c9b3c587474fe7cc569c2979015295d1873fc6234b4fffd4dc1c2431d623c9138f163db613f6fc3818e5cc110c20dc2718f310a609
SSDEEP

49152:Ng2JpkD/t+lNRNs5r4DcVBTMnmwExiMMrbMi:NgWaDV+lBs144VBc+xiM64i

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 21 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/224-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x0008000000023410-5.dat	upx
behavioral2/memory/3600-26-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4424-156-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1228-155-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4468-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/464-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4860-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3408-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3092-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1332-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2568-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/592-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/224-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2936-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3600-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4424-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1228-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4468-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1948-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4860-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3232-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3092-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3880-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3340-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3408-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/464-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/592-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1332-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3444-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2568-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/748-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/212-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2504-213-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2936-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2036-214-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2992-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5148-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5140-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5128-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5164-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2572-220-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4012-219-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3880-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5196-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/748-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/212-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2504-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5212-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5220-233-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5228-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6044-244-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6116-245-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5156-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5128-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4012-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5148-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5140-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2992-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2572-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4556-248-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5172-246-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5724-249-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6264-253-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\U:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\W:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\L:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\O:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\P:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\A:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\B:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\H:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\I:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\K:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\S:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\E:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\J:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\M:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\R:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\X:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\G:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\T:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File opened (read-only)	\??\V:	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian beastiality xxx girls fishy .avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american beastiality beast [free] young .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gay licking (Karin).mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\bukkake several models titts young .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\danish cum fucking sleeping .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\sperm licking .avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish action fucking licking pregnant .avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beast voyeur gorgeoushorny .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\gay [bangbus] upskirt .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish animal fucking [bangbus] .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese horse horse hidden (Jade).zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\indian gang bang sperm several models hairy .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\gay several models (Sylvia).avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\brasilian fetish sperm licking (Sylvia).mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\danish action gay public feet .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\danish animal beast [bangbus] mature .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\gay [free] (Janette).mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\beast hot (!) 40+ .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish porn lingerie hot (!) (Sylvia).avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\xxx [milf] (Jade).avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\danish gang bang horse girls upskirt .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\japanese cum blowjob hidden high heels .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian beastiality blowjob licking .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\tyrkish kicking lingerie catfight .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian action gay several models (Tatjana).mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\swedish handjob horse full movie blondie .avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\blowjob public glans (Christine,Jade).mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian beastiality hardcore full movie .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black beastiality blowjob public .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\lingerie lesbian titts .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\black gang bang lingerie licking titts traffic .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\trambling several models leather .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\swedish nude beast [bangbus] cock traffic .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\malaysia sperm hidden titts .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lesbian masturbation hole .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\british xxx voyeur feet (Kathrin,Tatjana).mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\action blowjob full movie cock .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\fetish gay [milf] titts beautyfull (Melissa).mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\american nude blowjob masturbation cock gorgeoushorny (Janette).zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\spanish fucking hidden .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\handjob xxx public feet circumcision (Sylvia).mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\trambling big .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\indian gang bang bukkake catfight ash .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\bukkake public hotel (Kathrin,Samantha).rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\danish nude hardcore [bangbus] (Karin).mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\gang bang trambling several models cock .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\fetish beast several models .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\russian gang bang gay [milf] .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\gay [free] feet gorgeoushorny .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\malaysia xxx big .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\fetish trambling public .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\gang bang blowjob hot (!) feet .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\cumshot lesbian hot (!) leather .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish nude bukkake big balls (Jenna,Samantha).zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\cumshot horse sleeping titts upskirt .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\malaysia blowjob [milf] feet young (Sylvia).mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\black porn gay hidden .avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\spanish blowjob [milf] titts upskirt (Karin).zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\malaysia lingerie [free] .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\beast voyeur .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\horse full movie (Tatjana).zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\japanese nude horse sleeping titts (Sonja,Sarah).rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\brasilian animal trambling big .avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\beastiality gay [free] cock .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\hardcore sleeping .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\brasilian fetish lingerie [milf] feet .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\danish porn gay full movie girly .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\african fucking public .avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\indian beastiality gay voyeur .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\horse public (Sylvia).zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\british horse uncut glans .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\indian kicking fucking [bangbus] hole mistress (Janette).rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\spanish horse uncut Ôï .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish nude blowjob voyeur hotel (Kathrin,Sarah).mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\lesbian public (Karin).mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\cumshot beast uncut titts .avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\british lingerie several models titts Ôï .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\russian handjob gay catfight ejaculation .avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\beastiality horse hot (!) cock black hairunshaved .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\horse xxx uncut leather .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\italian animal beast girls hole .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\tyrkish beastiality bukkake full movie cock shower (Liz).avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian beastiality xxx sleeping (Karin).mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\horse hidden feet 50+ .avi.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\hardcore hot (!) titts .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\tyrkish cum trambling several models hole swallow .mpeg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\japanese porn gay several models hole .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\american cumshot fucking [free] titts girly .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish gang bang xxx sleeping titts ejaculation (Sarah).zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\beast hidden .mpg.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\american nude lingerie uncut bedroom .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\xxx voyeur femdom .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\american nude blowjob uncut .zip.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\malaysia trambling big 40+ .rar.exe	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4424	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4424	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
464	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
464	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4468	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4468	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4860	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4860	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3408	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3408	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4424	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4424	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3092	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3092	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
1332	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
1332	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
592	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
592	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
464	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
464	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
2568	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
2568	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
2548	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
2548	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
2952	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
2952	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4860	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4860	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4424	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4424	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3440	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3440	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
2936	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
2936	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4468	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
4468	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3408	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3408	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 3600	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	85
PID 224 wrote to memory of 3600	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	85
PID 224 wrote to memory of 3600	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	85
PID 3600 wrote to memory of 1228	3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	88
PID 3600 wrote to memory of 1228	3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	88
PID 3600 wrote to memory of 1228	3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	88
PID 224 wrote to memory of 4424	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	89
PID 224 wrote to memory of 4424	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	89
PID 224 wrote to memory of 4424	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	89
PID 3600 wrote to memory of 464	3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	92
PID 3600 wrote to memory of 464	3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	92
PID 3600 wrote to memory of 464	3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	92
PID 224 wrote to memory of 4468	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	93
PID 224 wrote to memory of 4468	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	93
PID 224 wrote to memory of 4468	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	93
PID 1228 wrote to memory of 4860	1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	94
PID 1228 wrote to memory of 4860	1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	94
PID 1228 wrote to memory of 4860	1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	94
PID 4424 wrote to memory of 3408	4424	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	95
PID 4424 wrote to memory of 3408	4424	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	95
PID 4424 wrote to memory of 3408	4424	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	95
PID 3600 wrote to memory of 3092	3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	97
PID 3600 wrote to memory of 3092	3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	97
PID 3600 wrote to memory of 3092	3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	97
PID 224 wrote to memory of 592	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	98
PID 224 wrote to memory of 592	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	98
PID 224 wrote to memory of 592	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	98
PID 464 wrote to memory of 1332	464	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	99
PID 464 wrote to memory of 1332	464	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	99
PID 464 wrote to memory of 1332	464	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	99
PID 1228 wrote to memory of 2568	1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	100
PID 1228 wrote to memory of 2568	1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	100
PID 1228 wrote to memory of 2568	1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	100
PID 4860 wrote to memory of 2548	4860	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	101
PID 4860 wrote to memory of 2548	4860	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	101
PID 4860 wrote to memory of 2548	4860	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	101
PID 4424 wrote to memory of 2952	4424	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	102
PID 4424 wrote to memory of 2952	4424	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	102
PID 4424 wrote to memory of 2952	4424	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	102
PID 4468 wrote to memory of 3440	4468	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	103
PID 4468 wrote to memory of 3440	4468	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	103
PID 4468 wrote to memory of 3440	4468	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	103
PID 3408 wrote to memory of 2936	3408	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	104
PID 3408 wrote to memory of 2936	3408	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	104
PID 3408 wrote to memory of 2936	3408	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	104
PID 3600 wrote to memory of 3316	3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	105
PID 3600 wrote to memory of 3316	3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	105
PID 3600 wrote to memory of 3316	3600	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	105
PID 464 wrote to memory of 2036	464	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	106
PID 464 wrote to memory of 2036	464	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	106
PID 464 wrote to memory of 2036	464	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	106
PID 1228 wrote to memory of 5080	1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	107
PID 1228 wrote to memory of 5080	1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	107
PID 1228 wrote to memory of 5080	1228	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	107
PID 224 wrote to memory of 1948	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	108
PID 224 wrote to memory of 1948	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	108
PID 224 wrote to memory of 1948	224	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	108
PID 4860 wrote to memory of 3340	4860	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	109
PID 4860 wrote to memory of 3340	4860	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	109
PID 4860 wrote to memory of 3340	4860	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	109
PID 1332 wrote to memory of 3880	1332	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	111
PID 1332 wrote to memory of 3880	1332	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	111
PID 1332 wrote to memory of 3880	1332	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	111
PID 3408 wrote to memory of 2932	3408	aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:224
- C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3600
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        9⤵
        
        PID:17420
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        9⤵
        
        PID:24720
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:23960
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:24432
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:24060
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:24392
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:20384
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:27564
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:17700
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:24472
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:25048
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:17428
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:25620
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:25072
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:26208
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:18132
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:25056
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:19612
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:27548
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:25160
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:24480
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:20376
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:27588
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24416
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24408
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:18008
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24108
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:26672
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:19560
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:27412
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:27116
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:20392
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:26436
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:24544
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:13060
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24144
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:20328
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:27312
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:23700
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17884
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24640
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:18080
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24160
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:25112
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24036
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:17468
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:24440
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24588
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24736
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:20344
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:27580
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24520
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24456
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17724
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:15060
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:25088
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24496
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:25612
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:13116
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:17748
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:464
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:26644
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:25152
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:23888
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:19628
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:27556
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24400
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:17840
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24672
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:21000
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:27572
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:21032
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24656
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:18156
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:25124
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:18024
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24116
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17524
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24352
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24776
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:23656
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:27404
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:452
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:18540
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24076
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:19568
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:26480
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:27136
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:17796
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:17968
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:24168
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:25604
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24384
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:19604
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:27540
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17908
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:23840
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24292
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17780
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:20488
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:11736
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:24580
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:19548
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:26244
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:23944
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:27248
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:27320
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24664
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:17716
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17808
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24944
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:24560
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:27344
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:364
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:24068
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:25104
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:13052
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:5968
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:24712
- C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4424
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:25080
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:27516
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:18180
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:24696
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:23928
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24680
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:20360
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:25136
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        8⤵
        
        PID:26688
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:24344
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:20320
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:25684
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24768
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:17692
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:24376
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:25676
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24488
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:19636
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:26680
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24604
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17532
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24028
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:23508
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:23812
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24448
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24760
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:11580
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:17892
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:19620
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:26840
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24648
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:25120
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24688
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:18696
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24020
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24752
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17732
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:26316
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:13244
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:24744
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17816
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24424
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17900
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:20400
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:26704
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24044
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:19588
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:27532
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:13004
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:17648
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:20408
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:26696
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:23952
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:24704
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:26228
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:27144
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:4924
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:24512
- C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4468
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:17960
        
        C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        7⤵
        
        PID:25096
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17764
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24504
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24152
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24612
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:18140
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:25872
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17860
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:27524
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:23708
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24552
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:24620
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:24336
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17592
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:26728
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:21332
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:12948
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:17772
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:24132
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:11004
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:396
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:8236
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:13260
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:220
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:8060
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:8892
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:24052
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:13452
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:4648
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:24360
- C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:592
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:748
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:20336
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:25692
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:23932
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        6⤵
        
        PID:26848
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:26664
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:19596
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:25144
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:13020
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:24464
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17684
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:23124
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:20368
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:26764
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:12900
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:17876
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:24368
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:8856
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:17652
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:26712
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:13424
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:17412
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:24728
- C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
  2⤵
  PID:1948
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
        5⤵
        
        PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:13140
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:24596
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:25064
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:18016
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:26720
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:13044
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:5352
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:23924
- C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
  2⤵
  PID:5204
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:20352
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:26236
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:11432
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:12796
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:17868
- C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
  2⤵
  PID:6812
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:14620
  - - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
      4⤵
      PID:26856
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:2172
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:27108
- C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
  2⤵
  PID:8972
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:18000
- - C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
    3⤵
    PID:24104
- C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
  2⤵
  PID:13228
- C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
  2⤵
  PID:5672
- C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\aac6fa615b2ebc26506c710d97ee2480_NeikiAnalytics.exe"
  2⤵
  PID:24140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian beastiality blowjob licking .zip.exe

Filesize
108KB

MD5
c557481b5344ef6109924ff045efef7d

SHA1
b6289ed9262acf222e808d294ab649492f1959f3

SHA256
dea720b9e0a181b578d7b7ae88b2b0c1481aa8218b291c53d04b10ff9c1f5b77

SHA512
1150600ba40c96a03b13744b27ed74ce9fd267cc2d519fe7e3da5941d484303952f47c680e5c6a23f887b63f7f9b8e3ca096d357c6fe2d3703d21a25abae72e5

Download Submit
C:\debug.txt

Filesize
146B

MD5
cdb69005e67ff9515174e7eaee57d5f7

SHA1
ddda50a14fed3d6c4efe076230bedc7935b9dd27

SHA256
708d118ad640bb0dda737786060ad89d098638761eb54e3e7992587fd9bebf02

SHA512
f56a74849b83d76d625816028721b703a0969b33ac8dbefbbc821b013e5c91c04e6c72a3f8062ca8bcc28b67558d76be059c5660702733e394996b074ea29ef2

Download Submit
memory/212-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/212-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/224-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/224-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/464-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/464-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/592-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/592-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/748-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/748-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1228-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1228-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1332-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1332-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1948-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2036-214-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2072-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2504-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2504-213-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2568-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2568-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2572-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2572-220-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2936-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2936-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2992-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2992-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3092-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3092-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3232-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3340-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3408-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3408-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3444-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3524-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3524-281-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3600-26-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3600-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3880-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3880-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3920-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3920-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4012-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4012-219-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4424-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4424-156-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4468-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4468-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4556-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4556-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4860-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4860-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5128-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5128-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5140-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5140-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5148-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5148-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5156-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5164-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5172-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5188-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5196-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5212-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5220-233-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5228-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5308-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5724-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5724-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5976-275-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6044-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6052-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6116-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6116-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6124-272-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6132-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6132-276-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6160-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6160-282-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6264-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6264-283-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6440-285-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6448-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6448-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6464-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6472-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6488-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6504-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6748-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6812-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7248-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7464-290-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7476-287-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7540-288-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7548-289-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7576-291-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download