af0a3358305c6cb01ebd360adcaa48df33d35b3acfe384070427618a2ab1bdf4

Analysis

max time kernel
16s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Size

85KB
MD5

ccaf61553656b4c3242df3f0fe706510
SHA1

f5d9ce19451ae0c576c6e11e1da131549a7390a7
SHA256

af0a3358305c6cb01ebd360adcaa48df33d35b3acfe384070427618a2ab1bdf4
SHA512

cc82e067f0d6c402c30b905ef91c6f2da04fc6f145d1a9116446ab777c2131516f00f90f332326be3b4182973ccb9dd639d8d39c9c3e720c2ef883021f4a7faf
SSDEEP

1536:cGRVCaKgzbLc54hukfgvYnouy8kV1Ayj4m/QWR/Rlq88vlnRqPR/1aViDRknJM2p:cGjbLl/gvQoutY1Tj4mYWR/R4nkPR/1a

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/392-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x00070000000233da-5.dat	upx
behavioral2/memory/404-79-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1180-157-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4516-158-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3380-176-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1060-177-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3244-178-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4120-179-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2884-180-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2524-182-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4912-181-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4392-184-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/392-183-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1028-187-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2552-186-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/404-185-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2480-189-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1180-188-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3260-191-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4516-190-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4676-194-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1060-195-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3380-193-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1312-200-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2804-199-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3244-198-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3108-197-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3924-196-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4120-201-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4996-205-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4424-204-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3648-203-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2884-202-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4024-208-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2524-207-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4912-206-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/536-210-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4392-209-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2480-214-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1388-213-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1028-212-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2552-211-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/860-215-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3260-216-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4676-217-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1032-219-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3252-218-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3924-223-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3108-224-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2992-229-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4836-228-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1544-227-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1312-226-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2804-225-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4716-231-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3364-230-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2476-235-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4996-234-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4424-233-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3648-232-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/536-242-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1388-244-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4680-243-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\M:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\O:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\B:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\J:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\N:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\P:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\T:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\V:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\W:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\E:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\G:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\S:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\U:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\A:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\K:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\L:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\R:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\X:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File opened (read-only)	\??\H:	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\action voyeur (Karin,Sylvia).mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fetish beastiality [bangbus] .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian lesbian beast catfight lady .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\sperm action full movie boots (Sarah).mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore fucking licking .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\fetish nude public .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black animal licking feet YEâPSè& .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish xxx trambling public (Gina,Tatjana).avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie several models sm .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\canadian porn [bangbus] castration .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\handjob porn [milf] black hairunshaved (Ashley).mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\french xxx trambling [bangbus] glans penetration .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\swedish horse bukkake sleeping feet swallow .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9470.tmp\chinese kicking beast hot (!) (Ashley,Melissa).zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\russian horse hidden shoes .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\xxx animal sleeping fishy .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\american action trambling licking (Sonja).zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\fucking [bangbus] shower .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\norwegian horse animal big leather .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\british action blowjob catfight nipples balls (Karin,Sandy).rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\porn sleeping sweet .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lesbian sleeping .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\gay beastiality hot (!) lady .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\animal sperm catfight legs .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\indian porn [milf] wifey .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish fetish fetish public ash mature .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\german blowjob gang bang hot (!) (Jade).mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\german cumshot animal [free] .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\asian hardcore beast uncut YEâPSè& .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\horse fetish public 50+ (Ashley).avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\sperm full movie cock granny .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\russian lesbian several models balls .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\handjob cum [free] girly .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\asian lingerie hot (!) hairy .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\japanese lesbian girls feet stockings .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\beastiality licking vagina .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\hardcore [bangbus] cock .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\nude hidden circumcision .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\nude lingerie voyeur .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\horse sleeping 40+ .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\action [free] 40+ .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\fetish uncut stockings .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\french fucking hidden gorgeoushorny .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\chinese sperm beastiality uncut (Christine,Samantha).zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\norwegian sperm public femdom .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\trambling [milf] legs (Karin).rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\gay sleeping feet latex .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\asian lesbian cum [free] .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\lesbian gay catfight .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\norwegian cum girls circumcision (Liz,Sandy).zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\gay uncut nipples .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\gay [milf] .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\german horse voyeur titts ejaculation (Liz).avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\kicking nude [free] beautyfull (Janette).rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\french handjob hidden sweet .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\asian beast sleeping upskirt .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\horse [bangbus] hairy .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\security\templates\indian blowjob horse [free] upskirt .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\spanish xxx xxx catfight vagina latex (Sonja).rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\lingerie uncut latex (Christine,Curtney).mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\spanish gang bang masturbation gorgeoushorny .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\asian bukkake uncut leather (Karin,Sarah).avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\german horse [bangbus] titts .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\xxx blowjob girls shower .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\norwegian cum horse catfight .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\french action gay voyeur boobs .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\british animal gay [free] cock hairy .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\russian cum gang bang [milf] ash black hairunshaved .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\russian gang bang several models vagina high heels .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\danish lesbian blowjob hidden femdom .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\blowjob [milf] .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\lesbian sleeping cock .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\danish gang bang uncut granny .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\hardcore beastiality several models ash boots .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\swedish kicking horse public cock young (Anniston).mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\american cum beast girls .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\asian porn masturbation young (Karin,Sarah).avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\horse kicking [free] high heels .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\malaysia horse sleeping bedroom .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\lesbian sperm several models titts .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\british beast handjob big bedroom .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\nude girls .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\american blowjob hidden castration .zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\danish gang bang trambling catfight .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\chinese horse fetish full movie .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\horse lingerie hidden .avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\italian xxx licking 40+ .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\black beastiality licking feet .mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\fucking catfight traffic .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\action licking legs high heels (Sonja,Jenna).zip.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\brasilian cumshot [free] girly .mpeg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\japanese handjob bukkake sleeping granny .rar.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\japanese beast porn catfight high heels (Janette,Liz).mpg.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\danish cumshot girls redhair (Sandy).avi.exe	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1060	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1060	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
3380	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
3380	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
3244	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
3244	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4120	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4120	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2884	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2884	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2524	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2524	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4912	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4912	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1060	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1060	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
3380	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
3380	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2552	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2552	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1028	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1028	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2480	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
2480	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
3260	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
3260	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
3244	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4120	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
3244	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4120	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4676	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
4676	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 404	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	85
PID 392 wrote to memory of 404	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	85
PID 392 wrote to memory of 404	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	85
PID 404 wrote to memory of 1180	404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	88
PID 404 wrote to memory of 1180	404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	88
PID 404 wrote to memory of 1180	404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	88
PID 392 wrote to memory of 4516	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	89
PID 392 wrote to memory of 4516	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	89
PID 392 wrote to memory of 4516	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	89
PID 404 wrote to memory of 3380	404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	92
PID 404 wrote to memory of 3380	404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	92
PID 404 wrote to memory of 3380	404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	92
PID 392 wrote to memory of 1060	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	93
PID 392 wrote to memory of 1060	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	93
PID 392 wrote to memory of 1060	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	93
PID 4516 wrote to memory of 3244	4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	94
PID 4516 wrote to memory of 3244	4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	94
PID 4516 wrote to memory of 3244	4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	94
PID 1180 wrote to memory of 4120	1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	95
PID 1180 wrote to memory of 4120	1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	95
PID 1180 wrote to memory of 4120	1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	95
PID 404 wrote to memory of 2884	404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	97
PID 404 wrote to memory of 2884	404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	97
PID 404 wrote to memory of 2884	404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	97
PID 1060 wrote to memory of 4912	1060	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	98
PID 1060 wrote to memory of 4912	1060	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	98
PID 1060 wrote to memory of 4912	1060	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	98
PID 392 wrote to memory of 2524	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	99
PID 392 wrote to memory of 2524	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	99
PID 392 wrote to memory of 2524	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	99
PID 3380 wrote to memory of 4392	3380	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	100
PID 3380 wrote to memory of 4392	3380	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	100
PID 3380 wrote to memory of 4392	3380	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	100
PID 4516 wrote to memory of 2552	4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	101
PID 4516 wrote to memory of 2552	4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	101
PID 4516 wrote to memory of 2552	4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	101
PID 1180 wrote to memory of 1028	1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	102
PID 1180 wrote to memory of 1028	1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	102
PID 1180 wrote to memory of 1028	1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	102
PID 3244 wrote to memory of 2480	3244	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	103
PID 3244 wrote to memory of 2480	3244	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	103
PID 3244 wrote to memory of 2480	3244	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	103
PID 4120 wrote to memory of 3260	4120	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	104
PID 4120 wrote to memory of 3260	4120	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	104
PID 4120 wrote to memory of 3260	4120	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	104
PID 404 wrote to memory of 4676	404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	105
PID 404 wrote to memory of 4676	404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	105
PID 404 wrote to memory of 4676	404	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	105
PID 3380 wrote to memory of 3924	3380	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	108
PID 3380 wrote to memory of 3924	3380	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	108
PID 3380 wrote to memory of 3924	3380	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	108
PID 1060 wrote to memory of 2804	1060	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	107
PID 1060 wrote to memory of 2804	1060	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	107
PID 1060 wrote to memory of 2804	1060	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	107
PID 392 wrote to memory of 3108	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	106
PID 392 wrote to memory of 3108	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	106
PID 392 wrote to memory of 3108	392	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	106
PID 2884 wrote to memory of 1312	2884	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	109
PID 2884 wrote to memory of 1312	2884	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	109
PID 2884 wrote to memory of 1312	2884	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	109
PID 1180 wrote to memory of 3364	1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	110
PID 1180 wrote to memory of 3364	1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	110
PID 1180 wrote to memory of 3364	1180	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	110
PID 4516 wrote to memory of 3648	4516	ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe	112

C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:392
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        9⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:17000
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:19092
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        8⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:19100
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17184
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:16904
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10316
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:17236
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:16976
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:14464
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10020
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:5880
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13944
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17040
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17292
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:13644
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8608
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10680
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:16944
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9792
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6112
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8728
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:9944
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:12940
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:760
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4516
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        7⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:16984
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17048
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:19028
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:12116
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7944
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:17208
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:14484
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17148
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17104
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8684
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:15140
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4192
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:16936
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:14984
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9988
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:13100
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8660
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9048
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9052
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:14532
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:17140
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:16896
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:11036
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:14792
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:17268
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1060
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13924
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        6⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7712
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:13668
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8552
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7456
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:14772
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:17244
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:9996
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:13480
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:6996
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2524
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:536
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17156
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:9612
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:10356
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:15220
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:17176
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
        5⤵
        
        PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:13032
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:7444
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:11964
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:8404
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:1116
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:11868
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:8592
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  PID:3108
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:15448
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:17008
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:7928
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:9476
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:10724
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:14520
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:17132
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  PID:5164
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
      4⤵
      PID:19020
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:12792
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:7472
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  PID:7224
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:14416
- - C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
    3⤵
    PID:9756
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  PID:9980
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  PID:1144
- C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\ccaf61553656b4c3242df3f0fe706510_NeikiAnalytics.exe"
  2⤵
  PID:4212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\animal sperm catfight legs .zip.exe

Filesize
505KB

MD5
98414896d2305f8ea3b1920dd99d53d0

SHA1
443c30570d495927cb15661d31c450c118b89a01

SHA256
92a414ccf8061c885f697c15063fa5a10125cee482bad5d9ace9484aa9d78f11

SHA512
d05da3db909c80c7cc81a7bcdff2c4647b7979b482e178ad9044ae8c95028d64dec2654cc6658cb23470a6bc222002edf3d7510e457978554653f67d07a8e7ac

Download Submit
memory/392-183-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/392-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/404-79-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/404-185-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/536-210-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/536-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/860-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/860-215-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1028-187-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1028-212-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1032-219-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1032-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1060-177-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1060-195-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1180-188-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1180-157-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1312-200-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1312-226-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1388-213-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1388-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1544-227-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1544-254-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2464-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2476-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2476-235-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2480-214-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2480-189-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2524-182-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2524-207-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2552-211-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2552-186-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2804-225-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2804-199-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2884-202-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2884-180-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2992-229-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2992-256-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3108-197-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3108-224-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3244-178-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3244-198-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3252-218-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3252-249-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3260-216-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3260-191-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3296-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3364-230-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3380-193-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3380-176-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3648-203-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3648-232-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3924-223-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3924-196-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4024-238-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4024-208-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4120-201-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4120-179-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4392-209-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4392-184-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4424-233-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4424-204-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4516-158-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4516-190-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4676-217-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4676-194-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4680-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4680-275-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4716-231-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4716-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4732-239-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4732-273-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4836-228-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4836-255-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4856-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4912-181-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4912-206-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4996-205-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4996-234-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5132-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5140-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5148-252-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5156-262-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5164-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5172-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5684-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5732-248-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5828-251-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5936-265-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5960-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5988-264-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6032-272-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6040-268-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6072-269-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6080-270-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6104-271-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6164-274-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download