9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085

Analysis

max time kernel
12s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Size

1.5MB
MD5

e8acb1b4daced520e78256c9a333e300
SHA1

11145376b3fad615871732fda10c83ec2760f04b
SHA256

9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085
SHA512

51a046fc859e9c16abe308410664e24e3da5637ec0fe9134184d795fef1f0d508f75f2908805a398eaf3c4021e6bd5953e21ae838ae091b10a02f1e6495b04bb
SSDEEP

49152:5DFSkBKEK4Vkl9srv6sQJ3fp5jpVP4Yfc:5DFiEmfjJPXj7o

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2852-0-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/files/0x00070000000233fe-5.dat	upx
behavioral2/memory/3644-37-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/936-153-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4660-158-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3108-180-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1716-181-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4116-182-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4952-183-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2852-185-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3876-186-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4148-184-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3252-188-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3644-187-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/936-189-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4840-190-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4660-191-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3420-192-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2696-194-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2592-196-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1716-195-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3108-193-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3532-201-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1336-200-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4128-199-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4116-198-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4952-202-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3928-203-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4148-204-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2312-207-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3876-206-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1860-205-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4840-210-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1672-213-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2152-212-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/888-211-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4592-209-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3252-208-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4480-215-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3160-218-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2696-216-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1872-217-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3420-214-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2332-220-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2592-219-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3220-223-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1336-222-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4128-221-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1636-224-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3224-226-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3928-225-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/824-229-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3892-231-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2312-230-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1860-228-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4592-232-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2412-233-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1560-237-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1672-236-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2152-235-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/888-234-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4944-247-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3344-250-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2332-249-0x0000000000400000-0x0000000000456000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\E:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\G:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\H:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\K:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\U:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\B:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\I:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\J:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\P:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\T:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\X:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\A:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\M:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\N:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\O:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\W:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\L:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\R:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\S:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\black kicking fucking [milf] cock ash .mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\blowjob sleeping castration .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian porn horse licking (Sylvia).avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian nude bukkake catfight titts redhair .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian fetish hardcore hidden high heels (Sonja,Sylvia).avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\gay licking gorgeoushorny .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish porn xxx uncut mistress .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\blowjob big hole shower .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\danish cum beast big latex (Sandy,Samantha).mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\beast hidden mature .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\fucking [milf] (Janette).zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian handjob fucking catfight boots .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\fucking uncut titts lady (Sarah).mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\swedish fetish lesbian big mistress .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian beastiality trambling catfight beautyfull .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american cumshot lingerie several models titts girly .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\sperm licking .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\bukkake full movie bondage .mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\horse girls fishy (Ashley,Melissa).zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\american beastiality horse catfight cock Ôï .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\norwegian lingerie voyeur blondie .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\hardcore licking wifey .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\black kicking lingerie lesbian sweet .zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\black fetish fucking catfight glans wifey .mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\xxx public titts (Jenna,Karin).mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\trambling [bangbus] latex .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish gang bang hardcore hot (!) hole swallow (Samantha).rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\black kicking lingerie public .zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\indian kicking gay uncut feet leather .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\indian gang bang xxx [free] cock black hairunshaved (Liz).mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\bukkake girls feet .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\asian sperm [milf] hole .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\cumshot horse public bondage .zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\chinese blowjob uncut titts redhair (Karin).mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\british trambling [milf] balls .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\cum gay licking .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\asian lingerie lesbian .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\british horse licking pregnant .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\horse lesbian licking cock swallow .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\african lesbian voyeur titts ash (Sarah).rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish animal beast uncut latex .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish handjob lingerie [free] upskirt .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\gay catfight glans penetration .mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\african bukkake [bangbus] (Samantha).avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\japanese cumshot xxx voyeur cock 50+ .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\tyrkish fetish lingerie [milf] glans castration .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\black cum blowjob [bangbus] leather (Anniston,Karin).zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\danish porn beast hot (!) hole beautyfull (Sylvia).mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\beast big granny .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\cum beast girls .zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\swedish gang bang beast sleeping .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\gay full movie titts pregnant .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\gay catfight hotel (Gina,Jade).avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\beastiality trambling [free] granny .zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\beast public hole (Christine,Sarah).zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\xxx hot (!) hole .zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\fucking licking .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\tyrkish nude trambling uncut bedroom .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\norwegian hardcore lesbian hole .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\spanish hardcore voyeur titts .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\indian animal lesbian voyeur glans hotel .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\italian kicking hardcore sleeping glans traffic (Tatjana).mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\black animal sperm voyeur ash .mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\japanese handjob gay several models penetration .zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\french lingerie full movie .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\handjob bukkake public glans .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\chinese lingerie [bangbus] hole .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\japanese cum lesbian uncut titts upskirt .mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\horse blowjob big circumcision .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\russian horse hardcore [bangbus] hole .mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\black nude blowjob lesbian hole mistress .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\trambling [bangbus] 50+ .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\security\templates\american nude hardcore voyeur swallow .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\french gay voyeur cock .zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\american horse xxx hot (!) cock beautyfull .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\beast [bangbus] blondie (Britney,Liz).mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\tyrkish handjob fucking lesbian .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black cum horse big upskirt .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\tyrkish nude sperm lesbian hole .mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\american porn horse voyeur hole upskirt .zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\british xxx masturbation titts .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\spanish sperm masturbation .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\black fetish lingerie masturbation .zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\blowjob girls titts .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\lingerie full movie hole YEâPSè& .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\indian horse bukkake girls (Sylvia).mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\xxx lesbian femdom .zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\french horse [free] glans YEâPSè& .avi.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\swedish horse blowjob several models titts .mpg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\trambling [bangbus] wifey .rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\action beast [milf] .mpeg.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\canadian gay [milf] glans shower (Jade).rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\spanish blowjob hidden (Melissa).rar.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish gang bang horse [bangbus] upskirt .zip.exe	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3108	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3108	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
1716	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
1716	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4116	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4116	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3532	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3532	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4952	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4952	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3108	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3108	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4148	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4148	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3876	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3876	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3252	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3252	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4840	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4840	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3420	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3420	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2696	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2696	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
1716	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
1716	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4116	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4116	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2592	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
2592	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3532	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
3532	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4128	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
4128	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 3644	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	80
PID 2852 wrote to memory of 3644	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	80
PID 2852 wrote to memory of 3644	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	80
PID 3644 wrote to memory of 936	3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	81
PID 3644 wrote to memory of 936	3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	81
PID 3644 wrote to memory of 936	3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	81
PID 2852 wrote to memory of 4660	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	82
PID 2852 wrote to memory of 4660	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	82
PID 2852 wrote to memory of 4660	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	82
PID 936 wrote to memory of 3108	936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	83
PID 936 wrote to memory of 3108	936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	83
PID 936 wrote to memory of 3108	936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	83
PID 3644 wrote to memory of 1716	3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	84
PID 3644 wrote to memory of 1716	3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	84
PID 3644 wrote to memory of 1716	3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	84
PID 2852 wrote to memory of 4116	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	85
PID 2852 wrote to memory of 4116	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	85
PID 2852 wrote to memory of 4116	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	85
PID 4660 wrote to memory of 3532	4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	86
PID 4660 wrote to memory of 3532	4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	86
PID 4660 wrote to memory of 3532	4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	86
PID 3108 wrote to memory of 4952	3108	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	87
PID 3108 wrote to memory of 4952	3108	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	87
PID 3108 wrote to memory of 4952	3108	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	87
PID 3644 wrote to memory of 4148	3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	88
PID 3644 wrote to memory of 4148	3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	88
PID 3644 wrote to memory of 4148	3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	88
PID 936 wrote to memory of 3876	936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	89
PID 936 wrote to memory of 3876	936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	89
PID 936 wrote to memory of 3876	936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	89
PID 2852 wrote to memory of 3252	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	90
PID 2852 wrote to memory of 3252	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	90
PID 2852 wrote to memory of 3252	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	90
PID 4660 wrote to memory of 4840	4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	91
PID 4660 wrote to memory of 4840	4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	91
PID 4660 wrote to memory of 4840	4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	91
PID 1716 wrote to memory of 3420	1716	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	92
PID 1716 wrote to memory of 3420	1716	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	92
PID 1716 wrote to memory of 3420	1716	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	92
PID 4116 wrote to memory of 2696	4116	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	93
PID 4116 wrote to memory of 2696	4116	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	93
PID 4116 wrote to memory of 2696	4116	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	93
PID 3532 wrote to memory of 2592	3532	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	94
PID 3532 wrote to memory of 2592	3532	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	94
PID 3532 wrote to memory of 2592	3532	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	94
PID 4952 wrote to memory of 4128	4952	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	95
PID 4952 wrote to memory of 4128	4952	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	95
PID 4952 wrote to memory of 4128	4952	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	95
PID 3108 wrote to memory of 1336	3108	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	96
PID 3108 wrote to memory of 1336	3108	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	96
PID 3108 wrote to memory of 1336	3108	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	96
PID 3644 wrote to memory of 3928	3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	97
PID 3644 wrote to memory of 3928	3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	97
PID 3644 wrote to memory of 3928	3644	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	97
PID 936 wrote to memory of 1860	936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	98
PID 936 wrote to memory of 1860	936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	98
PID 936 wrote to memory of 1860	936	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	98
PID 2852 wrote to memory of 2312	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	99
PID 2852 wrote to memory of 2312	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	99
PID 2852 wrote to memory of 2312	2852	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	99
PID 4660 wrote to memory of 4592	4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	100
PID 4660 wrote to memory of 4592	4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	100
PID 4660 wrote to memory of 4592	4660	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	100
PID 4116 wrote to memory of 888	4116	9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe	101

C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3644
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:936
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        9⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        9⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        9⤵
        
        PID:18608
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        9⤵
        
        PID:19828
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        9⤵
        
        PID:22736
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        9⤵
        
        PID:19716
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:20232
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        9⤵
        
        PID:19528
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:17540
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:20216
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:23500
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:17572
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:19676
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:19764
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:12748
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:20168
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:17588
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:19820
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:19740
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:20224
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:22744
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:18484
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:19536
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:19692
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:19860
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:19876
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:12696
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17516
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:17208
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:21708
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17604
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:20184
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:19788
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:2892
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:17316
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:19772
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:19088
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13060
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:19868
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:20200
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:19852
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:19708
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:16272
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:19780
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17888
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17500
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:20192
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13428
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:19700
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:19660
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:19756
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:19732
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17184
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:14556
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:16912
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:19296
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:3044
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:19812
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:208
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:21456
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:17492
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:19068
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:17216
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:17628
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:19080
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:13324
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:4680
- C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4660
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        8⤵
        
        PID:22228
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        7⤵
        
        PID:19836
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:17744
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:19844
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17556
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17652
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:19108
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:17456
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:22776
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:20176
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:18820
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17880
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13464
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:2200
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:20160
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:19724
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:5116
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:212
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17772
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:17464
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:17580
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:19288
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:13444
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:3664
- C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4116
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:19804
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:22916
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:15932
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17564
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:19668
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:4496
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:19684
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:18980
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:17428
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:1012
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:17440
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:8884
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:5420
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:12800
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:16240
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:23484
- C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3252
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        6⤵
        
        PID:22200
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:17524
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:17644
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:20208
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
        5⤵
        
        PID:19796
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:4652
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:17660
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:20296
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:12720
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:17472
- C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
  2⤵
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:13004
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:1712
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:19748
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:22728
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:13124
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:2416
- C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
  2⤵
  PID:1148
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
      4⤵
      PID:17764
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:13340
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:17508
- C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
  2⤵
  PID:6620
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:13220
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:17548
- C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
  2⤵
  PID:8924
- - C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
    3⤵
    PID:20140
- C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
  2⤵
  PID:13372
- C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9efbfef77eef3917036cb649412f1f255a31450421e9050b4fd002ea6025e085_NeikiAnalytics.exe"
  2⤵
  PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish gang bang hardcore hot (!) hole swallow (Samantha).rar.exe

Filesize
1.8MB

MD5
a02d3193f5b23c670c4decbc97168a19

SHA1
c923f43d96c17de7448e1a675d433e0a40cd91c7

SHA256
397c164df8f460870f707ca25bc725dcab0fec14af31e5dea552f12a1bb709f3

SHA512
a7bd61b04eaaf043df7d14392fdafa1fdee63c59db210697b943bb23cf8b061ba67daf4823dee33a23d1a0704ed1fc456fd9c8a93001a0b3d944103411c52efa

Download Submit
memory/212-259-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/824-229-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/824-270-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/888-234-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/888-211-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/936-153-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/936-189-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1244-258-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1336-200-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1336-222-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1560-237-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1636-266-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1636-224-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1672-213-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1672-236-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1716-181-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1716-195-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1860-205-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1860-228-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1872-245-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1872-217-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1892-255-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2152-235-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2152-212-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2312-207-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2312-230-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2332-249-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2332-220-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2412-278-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2412-233-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2592-219-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2592-196-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2696-194-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2696-216-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2852-0-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2852-185-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2964-256-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3040-261-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3088-257-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3108-180-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3108-193-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3160-246-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3160-218-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3164-252-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3220-251-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3220-223-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3224-226-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3224-268-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3252-188-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3252-208-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3344-250-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3420-214-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3420-192-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3532-201-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3644-187-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3644-37-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3740-253-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3876-206-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3876-186-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3892-273-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3892-231-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3904-243-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3928-203-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3928-225-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4032-248-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4116-198-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4116-182-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4128-199-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4128-221-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4148-184-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4148-204-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4156-241-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4468-244-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4480-215-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4480-240-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4524-242-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4568-254-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4592-209-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4592-232-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4612-260-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4660-191-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4660-158-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4840-190-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4840-210-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4944-247-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4952-202-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4952-183-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5768-267-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5840-269-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5856-272-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5864-271-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5900-274-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5920-275-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5928-276-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5936-277-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5980-279-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download