ecb348fabdde21ceb8a0807aa4700d057b32c95851340910c975d0480cf5fb79

Analysis

max time kernel
13s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Size

406KB
MD5

5a58f3fa3b47f526f19f93aab73d0640
SHA1

e669187d101bfa12bcbab886c394761fb5950fd6
SHA256

ecb348fabdde21ceb8a0807aa4700d057b32c95851340910c975d0480cf5fb79
SHA512

97a0c79bece4658ff9f0f7371a2c39a2d7956b589c191a38558ff2b6f34b8e45507b291b5323ca9347599f96b7b02b5ab3c78a35109b7d4db2c31b241f20c538
SSDEEP

12288:oGHasii9BX06u4WT+f3+rDIHpW3TRBGTlBhwbideK:86X0VjT+fOrc3hteK

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 17 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\A:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\B:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\E:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\L:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\N:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\O:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\T:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\I:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\K:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\P:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\G:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\J:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\M:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\R:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\S:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\X:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\H:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\U:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\V:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File opened (read-only)	\??\W:	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\horse hardcore voyeur penetration .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore uncut .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\brasilian kicking fucking licking .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx big hairy .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\blowjob licking glans .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie voyeur .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\swedish cum gay lesbian .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish animal lingerie [milf] cock girly (Janette).zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black action hardcore masturbation mature .mpeg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american cumshot horse several models pregnant (Gina,Jade).rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish horse lingerie licking titts .mpeg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish horse sperm catfight feet latex .mpeg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lingerie licking young (Sonja,Janette).zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian cumshot hardcore public hole (Sandy,Janette).avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\xxx voyeur Ôï (Britney,Janette).mpeg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\trambling public .mpg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\danish fetish lingerie uncut feet mature .mpg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\russian beastiality fucking catfight castration .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\lesbian uncut girly .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\malaysia lesbian several models hotel .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\black kicking blowjob [free] hole (Ashley,Samantha).mpeg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\american nude bukkake hidden .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\swedish animal lesbian hot (!) glans .mpeg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian kicking bukkake several models .rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\danish fetish trambling [bangbus] cock (Ashley,Jade).mpeg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\swedish action beast [bangbus] sm .rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\hardcore catfight ash (Sonja,Jade).mpeg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish fetish sperm full movie 40+ (Sonja,Jade).avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\xxx [milf] cock femdom .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\trambling masturbation redhair .rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\american beastiality lesbian big hole (Jenna,Samantha).zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\gang bang horse sleeping hotel .rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\malaysia gay hot (!) beautyfull .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\brasilian nude blowjob several models YEâPSè& .rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\italian cumshot fucking public mature .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black horse hardcore [milf] cock beautyfull .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\blowjob [bangbus] feet .rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese handjob xxx hot (!) feet 50+ (Samantha).avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\american animal lingerie licking 50+ .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\russian gang bang fucking girls cock .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\italian porn sperm several models titts gorgeoushorny .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\american nude lingerie sleeping blondie (Ashley,Tatjana).avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\blowjob [free] lady .rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\swedish animal lingerie catfight glans granny .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\brasilian cum blowjob [bangbus] granny .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\british gay lesbian (Curtney).rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\fucking public .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese beastiality beast full movie shoes .rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\danish animal gay [free] titts .mpg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\kicking sperm uncut feet fishy .rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\african lesbian uncut glans (Sonja,Sylvia).avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\danish gang bang fucking several models .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\trambling full movie hole young .rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\danish handjob fucking masturbation titts .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\swedish handjob horse voyeur feet mature (Karin).rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\german beast public (Samantha).mpg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\tyrkish kicking gay several models (Liz).mpeg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\horse public .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie licking .mpg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\security\templates\lesbian catfight glans 40+ (Janette).mpeg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\lesbian sleeping (Liz).rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\handjob hardcore [free] .mpeg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie [free] traffic (Christine,Curtney).avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\bukkake uncut titts traffic .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\trambling public titts leather .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\norwegian blowjob several models .avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\russian nude xxx [bangbus] ash .rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\cum sperm masturbation .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\gang bang horse full movie .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\african horse [milf] traffic (Ashley,Melissa).mpeg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\nude trambling [bangbus] (Samantha).avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\french gay uncut feet mistress .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish porn hardcore several models 50+ (Anniston,Curtney).mpg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\italian beastiality trambling catfight .zip.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\horse public titts 50+ (Sylvia).avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\german hardcore lesbian bondage .mpg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\action horse girls titts hairy (Janette).rar.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\british fucking big lady .mpg.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\swedish porn sperm hidden cock hotel (Liz).avi.exe	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
3020	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
3020	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
5108	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
5108	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
3748	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
3748	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4212	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4212	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
432	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
432	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
3020	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
3020	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
3204	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
3204	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2308	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2308	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
1564	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
1564	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
5108	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
5108	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
1508	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
1508	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4552	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4552	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
1380	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
1380	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
3020	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
3020	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2280	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
2280	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4212	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4212	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
3748	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
3748	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
1632	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
1632	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
432	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
432	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4408	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
4408	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 2148	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	84
PID 4704 wrote to memory of 2148	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	84
PID 4704 wrote to memory of 2148	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	84
PID 4704 wrote to memory of 2292	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	85
PID 4704 wrote to memory of 2292	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	85
PID 4704 wrote to memory of 2292	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	85
PID 2148 wrote to memory of 3020	2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	86
PID 2148 wrote to memory of 3020	2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	86
PID 2148 wrote to memory of 3020	2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	86
PID 4704 wrote to memory of 5108	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	89
PID 4704 wrote to memory of 5108	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	89
PID 4704 wrote to memory of 5108	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	89
PID 2148 wrote to memory of 3748	2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	90
PID 2148 wrote to memory of 3748	2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	90
PID 2148 wrote to memory of 3748	2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	90
PID 2292 wrote to memory of 4212	2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	91
PID 2292 wrote to memory of 4212	2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	91
PID 2292 wrote to memory of 4212	2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	91
PID 3020 wrote to memory of 432	3020	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	92
PID 3020 wrote to memory of 432	3020	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	92
PID 3020 wrote to memory of 432	3020	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	92
PID 4704 wrote to memory of 3204	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	93
PID 4704 wrote to memory of 3204	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	93
PID 4704 wrote to memory of 3204	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	93
PID 2148 wrote to memory of 2308	2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	94
PID 2148 wrote to memory of 2308	2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	94
PID 2148 wrote to memory of 2308	2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	94
PID 5108 wrote to memory of 1564	5108	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	95
PID 5108 wrote to memory of 1564	5108	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	95
PID 5108 wrote to memory of 1564	5108	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	95
PID 3020 wrote to memory of 4552	3020	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	96
PID 3020 wrote to memory of 4552	3020	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	96
PID 3020 wrote to memory of 4552	3020	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	96
PID 2292 wrote to memory of 1508	2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	97
PID 2292 wrote to memory of 1508	2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	97
PID 2292 wrote to memory of 1508	2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	97
PID 3748 wrote to memory of 2280	3748	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	98
PID 3748 wrote to memory of 2280	3748	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	98
PID 3748 wrote to memory of 2280	3748	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	98
PID 4212 wrote to memory of 1380	4212	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	99
PID 4212 wrote to memory of 1380	4212	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	99
PID 4212 wrote to memory of 1380	4212	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	99
PID 432 wrote to memory of 1632	432	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	100
PID 432 wrote to memory of 1632	432	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	100
PID 432 wrote to memory of 1632	432	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	100
PID 4704 wrote to memory of 4408	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	101
PID 4704 wrote to memory of 4408	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	101
PID 4704 wrote to memory of 4408	4704	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	101
PID 3204 wrote to memory of 3664	3204	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	102
PID 3204 wrote to memory of 3664	3204	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	102
PID 3204 wrote to memory of 3664	3204	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	102
PID 2148 wrote to memory of 4724	2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	103
PID 2148 wrote to memory of 4724	2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	103
PID 2148 wrote to memory of 4724	2148	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	103
PID 5108 wrote to memory of 2852	5108	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	104
PID 5108 wrote to memory of 2852	5108	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	104
PID 5108 wrote to memory of 2852	5108	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	104
PID 2308 wrote to memory of 3472	2308	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	105
PID 2308 wrote to memory of 3472	2308	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	105
PID 2308 wrote to memory of 3472	2308	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	105
PID 1564 wrote to memory of 4820	1564	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	106
PID 1564 wrote to memory of 4820	1564	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	106
PID 1564 wrote to memory of 4820	1564	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	106
PID 2292 wrote to memory of 4560	2292	5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe	107

C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:432
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        7⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        7⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        7⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        7⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12716
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:11652
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:2372
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        7⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12772
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:10124
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:11032
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:744
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:11244
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:12600
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:12340
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:11496
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:8216
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:11640
- C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2292
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        7⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:10188
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12120
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:696
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:11864
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:9528
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:12148
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:9448
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:11440
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:11536
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:8236
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:11552
- C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5108
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        6⤵
        
        PID:10664
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12040
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:11208
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:12140
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:10000
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:11628
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:7556
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:10132
- C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3204
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
        5⤵
        
        PID:12132
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:12724
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:9156
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:12584
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:10712
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:7572
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:10196
- C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:9864
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
      4⤵
      PID:11172
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:7416
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:9920
- C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
  2⤵
  PID:1764
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:6708
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:8896
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:12216
- C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
  2⤵
  PID:5908
- - C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
    3⤵
    PID:9848
- C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
  2⤵
  PID:7524
- C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\5a58f3fa3b47f526f19f93aab73d0640_NeikiAnalytics.exe"
  2⤵
  PID:10152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian kicking bukkake several models .rar.exe

Filesize
1.1MB

MD5
c15db35d6ec65bc4235aad057a701c4d

SHA1
4b0544566686b830df0b18caa2183090c157e51d

SHA256
cc9b5ecc6cd503003106b3daa5b301f8c2054be737aa538da1be69804ab51d21

SHA512
9729edcb55bdc4774e4437e4dcacdb58f5bd9aea296073455a4c9dfda4a72afdfbbe3db282b9b08015e5fe87cdb3fc518fcb08f6d882be0308649a354372f857

Download Submit