4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d

Analysis

max time kernel
15s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 11:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Size

1.4MB
MD5

19563ff6a27d12b46f45a6b3465be470
SHA1

61a44edfc4e619cde49502ded3e5ccca6aa02020
SHA256

4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d
SHA512

d897185fdf396074efcbc1a2d69aa772a5ea23c1123f89fb37356208370b3c2b237b26560c245a02724388235aaf03ea69d3964187aa032674cf0bad96abf1d5
SSDEEP

24576:CL+ZsQbIDYkPifbxU3qBlO2SE7yZCPYpkRUOntFEfe5QDzQKw1aOdky2ZpojY3vl:CLkBbj/xuqBXSEOEP3Rzz5asnQWQkjeN

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\J:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\O:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\P:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\W:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\M:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\N:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\S:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\R:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\T:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\V:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\A:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\E:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\L:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\I:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\K:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\U:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\X:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\B:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\G:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File opened (read-only)	\??\H:	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\black cumshot blowjob hot (!) stockings .mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\blowjob masturbation titts .zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish action gay full movie .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian animal blowjob hot (!) hole Œã .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian kicking blowjob licking (Liz).mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black action beast lesbian cock sm (Sylvia).zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black gang bang sperm licking ¼ë (Kathrin,Melissa).rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\horse fucking big wifey .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\tyrkish cumshot beast hidden titts pregnant .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\xxx sleeping lady .mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian nude bukkake girls (Janette).mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian cum trambling sleeping beautyfull .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\hardcore catfight high heels .zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\sperm full movie hole .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\tyrkish porn bukkake [bangbus] feet .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\danish action fucking public cock .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish action sperm sleeping titts (Ashley,Sarah).mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\swedish handjob horse full movie .zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\bukkake masturbation bondage .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\blowjob [free] (Melissa).mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian horse horse public glans shoes (Samantha).avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\bukkake full movie glans hairy .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\bukkake uncut feet .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american nude lesbian full movie (Jade).avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\russian action xxx catfight hole (Gina,Samantha).mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese nude blowjob [bangbus] (Samantha).zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\brasilian kicking gay [free] feet .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\bukkake public castration .rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\japanese handjob blowjob hot (!) sweet .rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian cumshot lingerie uncut beautyfull .mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\blowjob big hole swallow (Sylvia).zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\brasilian animal beast big feet girly .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\swedish kicking hardcore masturbation mistress .zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\blowjob girls traffic .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\danish animal beast girls girly .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\danish handjob lingerie masturbation .rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\gay hot (!) wifey .zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\gay lesbian feet fishy .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\security\templates\xxx masturbation feet .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\american nude horse several models .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\xxx [free] .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\bukkake girls Ôï .rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\malaysia blowjob several models Ôï .mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\nude gay public balls .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\norwegian gay uncut glans 50+ (Curtney).rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\hardcore [free] black hairunshaved .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\beastiality sperm public hotel .rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\british fucking uncut cock .rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\italian fetish lesbian catfight feet pregnant .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\french horse catfight .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\canadian xxx [free] feet latex .mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian kicking beast catfight redhair .mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\beast full movie (Karin).mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\malaysia trambling hot (!) beautyfull .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\kicking hardcore hidden glans upskirt (Sarah).zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\beastiality trambling hidden ejaculation (Anniston,Sylvia).zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\asian trambling several models pregnant .mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\american beastiality horse hot (!) femdom .mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\beastiality trambling lesbian hole gorgeoushorny (Samantha).mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\malaysia bukkake masturbation blondie .zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian handjob blowjob uncut hole high heels .mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\black cum trambling public circumcision (Kathrin,Sarah).mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\brasilian handjob sperm lesbian shoes (Sonja,Melissa).mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\lesbian lesbian balls .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\american beastiality bukkake public hole sweet (Sarah).mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\hardcore big (Curtney).mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black porn hardcore uncut .rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\cumshot bukkake catfight pregnant .zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\lingerie hot (!) shower .mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\gang bang lesbian licking ejaculation .zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\indian handjob fucking public feet ash (Liz).mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\african horse several models .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\russian fetish hardcore big titts castration .rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese horse fucking uncut .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\danish handjob trambling masturbation boots .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\asian hardcore masturbation lady .mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\animal xxx [milf] .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\handjob sperm hidden pregnant .avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\malaysia hardcore [free] redhair (Britney,Curtney).rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\russian animal sperm voyeur beautyfull .zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\nude lingerie girls (Sylvia).rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\cum sperm [milf] (Sarah).avi.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\norwegian trambling [bangbus] (Janette).zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\lesbian licking wifey .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish handjob lingerie voyeur granny .rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\swedish cumshot fucking [free] titts hotel (Samantha).mpeg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\malaysia bukkake [bangbus] wifey .mpg.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\bukkake catfight circumcision .rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\italian cum fucking girls stockings (Sonja,Tatjana).rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\british lingerie [bangbus] cock 40+ .zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\american kicking trambling lesbian pregnant .zip.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\german fucking catfight .rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\danish nude blowjob big circumcision .rar.exe	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
14036	4972	WerFault.exe	80

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1488	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1488	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1692	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1692	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
3476	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
3476	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2232	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2232	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2596	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2596	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
3756	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
3756	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2632	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2632	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1488	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1488	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1524	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1524	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
5080	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
5080	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1608	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1608	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1692	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1692	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4280	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4280	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4112	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
4112	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
3476	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
3476	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2232	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
2232	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1536	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
1536	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 1276	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	81
PID 4972 wrote to memory of 1276	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	81
PID 4972 wrote to memory of 1276	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	81
PID 1276 wrote to memory of 5028	1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	82
PID 1276 wrote to memory of 5028	1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	82
PID 1276 wrote to memory of 5028	1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	82
PID 4972 wrote to memory of 2780	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	83
PID 4972 wrote to memory of 2780	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	83
PID 4972 wrote to memory of 2780	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	83
PID 5028 wrote to memory of 1692	5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	84
PID 5028 wrote to memory of 1692	5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	84
PID 5028 wrote to memory of 1692	5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	84
PID 1276 wrote to memory of 1488	1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	85
PID 1276 wrote to memory of 1488	1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	85
PID 1276 wrote to memory of 1488	1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	85
PID 4972 wrote to memory of 3476	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	86
PID 4972 wrote to memory of 3476	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	86
PID 4972 wrote to memory of 3476	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	86
PID 2780 wrote to memory of 2232	2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	87
PID 2780 wrote to memory of 2232	2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	87
PID 2780 wrote to memory of 2232	2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	87
PID 5028 wrote to memory of 2596	5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	88
PID 5028 wrote to memory of 2596	5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	88
PID 5028 wrote to memory of 2596	5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	88
PID 1276 wrote to memory of 3756	1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	89
PID 1276 wrote to memory of 3756	1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	89
PID 1276 wrote to memory of 3756	1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	89
PID 1488 wrote to memory of 2632	1488	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	90
PID 1488 wrote to memory of 2632	1488	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	90
PID 1488 wrote to memory of 2632	1488	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	90
PID 2780 wrote to memory of 5080	2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	92
PID 2780 wrote to memory of 5080	2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	92
PID 2780 wrote to memory of 5080	2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	92
PID 4972 wrote to memory of 1524	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	91
PID 4972 wrote to memory of 1524	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	91
PID 4972 wrote to memory of 1524	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	91
PID 1692 wrote to memory of 1608	1692	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	93
PID 1692 wrote to memory of 1608	1692	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	93
PID 1692 wrote to memory of 1608	1692	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	93
PID 3476 wrote to memory of 4280	3476	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	94
PID 3476 wrote to memory of 4280	3476	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	94
PID 3476 wrote to memory of 4280	3476	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	94
PID 2232 wrote to memory of 4112	2232	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	95
PID 2232 wrote to memory of 4112	2232	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	95
PID 2232 wrote to memory of 4112	2232	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	95
PID 5028 wrote to memory of 1536	5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	100
PID 5028 wrote to memory of 1536	5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	100
PID 5028 wrote to memory of 1536	5028	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	100
PID 1488 wrote to memory of 4656	1488	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	102
PID 1488 wrote to memory of 4656	1488	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	102
PID 1488 wrote to memory of 4656	1488	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	102
PID 1276 wrote to memory of 1944	1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	101
PID 1276 wrote to memory of 1944	1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	101
PID 1276 wrote to memory of 1944	1276	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	101
PID 1692 wrote to memory of 1496	1692	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	103
PID 1692 wrote to memory of 1496	1692	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	103
PID 1692 wrote to memory of 1496	1692	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	103
PID 2780 wrote to memory of 232	2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	104
PID 2780 wrote to memory of 232	2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	104
PID 2780 wrote to memory of 232	2780	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	104
PID 4972 wrote to memory of 4976	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	105
PID 4972 wrote to memory of 4976	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	105
PID 4972 wrote to memory of 4976	4972	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	105
PID 2596 wrote to memory of 4364	2596	4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe	106

C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1276
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        8⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        8⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        8⤵
        
        PID:17772
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        8⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        8⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        8⤵
        
        PID:19688
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        8⤵
        
        PID:17644
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:17568
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:21196
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:17780
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:19800
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:19828
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:18784
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:21180
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:19760
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:19304
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17732
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:20168
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:19720
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        8⤵
        
        PID:18800
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:19272
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:12976
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:21812
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:17804
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:19836
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:19672
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:21952
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17788
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19728
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:15468
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19288
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:19808
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        8⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:19972
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:19320
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17492
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:10868
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:18776
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19712
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:17872
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:19964
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17836
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:19312
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19932
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:18988
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:17484
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:22092
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:21204
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:17748
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:21212
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:21188
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:20120
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19916
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:18732
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:18996
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13084
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:20160
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19924
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:20128
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:17628
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:17500
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19280
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:15120
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13440
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:19948
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:18808
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:11516
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:12904
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:4732
- C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:18676
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:20180
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:21924
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:19680
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19696
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:20144
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17560
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19956
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13456
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:17240
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13144
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:19900
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:17740
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:19768
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:19940
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:17508
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:18904
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13240
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:20508
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:232
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:18792
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19776
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19296
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13100
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:19820
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:10640
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13644
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:21804
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:17828
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:8524
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:18748
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:13192
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:17576
- C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3476
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        7⤵
        
        PID:17716
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:20136
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:18716
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19980
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:18176
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:17544
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:17708
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:17636
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13184
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:17700
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:15196
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:18928
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:12888
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:17336
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:17796
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:19988
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:14552
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:21844
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:8460
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:17612
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:13152
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:19792
- C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19784
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        6⤵
        
        PID:19372
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19736
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:18740
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13116
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:19908
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:18980
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13296
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:17552
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:19360
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:19704
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:19132
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:13224
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:20152
- C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
  2⤵
  PID:4976
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
        5⤵
        
        PID:18724
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:13272
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:19752
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:10136
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:15128
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:17820
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:13388
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:19744
- C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
  2⤵
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
      4⤵
      PID:17764
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:11540
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:12912
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:17584
- C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
  2⤵
  PID:6148
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:18124
- C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
  2⤵
  PID:8492
- - C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
    3⤵
    PID:17620
- C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
  2⤵
  PID:11864
- C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
  2⤵
  PID:12880
- C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4efadab44ced8b681da93682cd1f546121c78d9494c10c19e519a1a37471562d_NeikiAnalytics.exe"
  2⤵
  PID:17476
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 1804
  2⤵
  - Program crash
  PID:14036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4972 -ip 4972
1⤵
PID:11772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american nude lesbian full movie (Jade).avi.exe

Filesize
1.2MB

MD5
4a90d7fbc313be8827d99c0f337da995

SHA1
46e2c299b290a4c27ad6211c137a7f444ed21ede

SHA256
09f73828452bf63447e3912d4af840c5be6f89189b92aa6f634697322a088a25

SHA512
ba140a82648b7143f9f270afc7d4dce3600b7c029fc85b0afc74788e9e48a643add41380deb62583bd560c0c2e00df0a4b3fc59ee716d7940f397fc755bd5cf4

Download Submit
C:\debug.txt

Filesize
146B

MD5
ae2ad0b9be6da20ab69586a31bd20f75

SHA1
e93faaa8279854127d12bd9434ef8f4e60ec77cb

SHA256
f97df1ba1c696ea3a0189dc0385117ea635b7eb7d919fcbcc5b64740fb4f224f

SHA512
14178bf47c1a9dd330c70cda2c5bc80088c0565024b5baeed8ce574194daaaa9799a7d647773857bd9988b86f0fcccc9e474feb11293c4ba77e5e35a1b2f8656

Download Submit