d27e35da621be81e3f27b4e6ac3758824a61f1bc1d7c477963398291aa8e80da

Analysis

max time kernel
15s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Size

997KB
MD5

8f08337f7837aa47466202fc69111220
SHA1

b72bd76383e8bdf5fc8fc5165bbda6e6cbe1c4c2
SHA256

d27e35da621be81e3f27b4e6ac3758824a61f1bc1d7c477963398291aa8e80da
SHA512

93dc7609c592595ac0b3f87206eb0425901e0aa9382dcb3d34f4f94e35dc2afe7956947f65d3f5bcead2a167e2a61691cbcb468656ad538ed59b1b411b3434ef
SSDEEP

24576:0xDdkbaSa+BNqy70QMMgke3EuTmgFI1Mrqyg+z9O6lGB2sy3swmCU/UwcPaUyC:ckbaSa+v70pM6EurI2rqny9Fpcwm7Uwy

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2988-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x000c000000023352-5.dat	upx
behavioral2/memory/4108-155-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/468-180-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/848-181-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4656-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2016-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2924-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2988-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2160-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4432-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3868-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4908-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4108-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2988-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3344-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3256-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/848-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4440-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4656-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3268-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2976-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2016-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4128-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1612-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2924-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2760-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2160-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3696-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4808-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4900-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4948-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4412-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3976-215-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3268-214-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3344-213-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2976-219-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5260-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4440-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1444-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4604-220-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5300-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3124-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4352-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2528-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4808-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4900-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1740-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3696-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5308-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4848-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5332-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5356-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5260-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2804-245-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5292-244-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5276-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5284-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5228-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5268-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5252-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5240-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6232-252-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6132-251-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\L:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\S:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\T:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\K:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\M:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\N:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\X:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\A:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\O:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\P:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\R:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\U:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\V:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\W:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\B:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\E:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\H:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\I:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\J:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\indian cum sperm uncut .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\fetish beast masturbation feet pregnant .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian handjob lesbian sleeping titts leather .mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\tyrkish action gay full movie mistress (Gina,Tatjana).avi.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie licking YEâPSè& .mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\bukkake licking feet bondage .rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\bukkake catfight feet latex .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\sperm lesbian glans .mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\sperm girls glans leather .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian action gay big mature .mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\blowjob public titts castration .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian porn gay [bangbus] femdom .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\black beastiality xxx lesbian hole .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\hardcore [free] hairy .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\lingerie full movie cock girly (Sarah).zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\japanese action sperm [free] cock leather .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\fucking hidden cock .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\black fetish xxx public .rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\american kicking lesbian hidden feet balls .mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\fucking uncut .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\italian nude hardcore several models bedroom .rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\lingerie big hole gorgeoushorny (Tatjana).mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\lingerie hot (!) 40+ .rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\american nude trambling hidden glans .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\indian beastiality bukkake sleeping hole mistress .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\trambling lesbian cock traffic .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\beast hot (!) cock hotel .rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\hardcore hot (!) shower (Jenna,Sylvia).rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\bukkake lesbian .avi.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay uncut .mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\french bukkake [free] upskirt (Christine,Karin).mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\japanese gang bang sperm girls .avi.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\hardcore licking glans (Kathrin,Karin).avi.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian animal horse lesbian .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\chinese fucking catfight glans granny (Curtney).rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\blowjob [milf] cock .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\italian animal bukkake uncut gorgeoushorny .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\japanese cum bukkake catfight shower (Britney,Sarah).mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\hardcore [free] mistress .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\danish handjob beast hidden feet ash (Sarah).zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\fetish sperm girls .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\nude lingerie girls feet (Kathrin,Jade).rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\lesbian hot (!) sweet .rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\brasilian kicking xxx voyeur lady .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\chinese horse uncut (Sarah).mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\porn lingerie voyeur femdom (Gina,Curtney).mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\hardcore catfight circumcision (Kathrin,Liz).rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\indian action beast public hole penetration .mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\american nude xxx [bangbus] feet swallow .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\beastiality bukkake masturbation .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\gay lesbian cock stockings .avi.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\blowjob lesbian (Sylvia).mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\swedish porn hardcore sleeping fishy .avi.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\gay catfight traffic .rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\african horse big granny .rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\japanese gang bang hardcore big feet beautyfull .mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\beast several models high heels (Christine,Janette).zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\japanese animal beast full movie titts .mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\japanese gang bang hardcore several models feet shoes .mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\canadian blowjob big sweet (Sonja,Melissa).mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\french lesbian full movie (Samantha).mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\fucking [bangbus] (Janette).mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\danish handjob bukkake full movie (Samantha).mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\action hardcore lesbian sm .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\xxx girls glans leather .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\action horse public YEâPSè& .mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\security\templates\horse sleeping .avi.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\malaysia horse lesbian (Jade).mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\horse bukkake public traffic .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\asian horse hot (!) cock 50+ (Sylvia).zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\african fucking several models sweet (Jenna,Curtney).zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black porn lesbian sleeping hole (Gina,Sarah).mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\bukkake uncut ¤ç (Jenna,Janette).mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\spanish sperm uncut castration (Ashley,Tatjana).zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\horse [bangbus] (Samantha).mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\tyrkish horse blowjob licking titts traffic (Jade).zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\nude xxx public .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\spanish bukkake [milf] .rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\blowjob [free] sm .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\japanese animal beast uncut blondie .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\asian hardcore voyeur glans .rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\british sperm sleeping .avi.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\cum fucking several models glans .avi.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian action beast catfight cock shoes (Karin).zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\french hardcore hot (!) feet girly (Karin).mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\canadian hardcore hidden bedroom .zip.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\japanese fetish beast girls boots .rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\lingerie uncut glans stockings .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\blowjob uncut .avi.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\sperm [milf] glans .avi.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\french lesbian hot (!) upskirt .rar.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\danish beastiality hardcore girls feet young .mpeg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\norwegian blowjob [free] shower .mpg.exe	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
468	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
468	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
3256	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
3256	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
848	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
848	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4656	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4656	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
1612	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
1612	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4128	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4128	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2924	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2924	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
468	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
468	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2760	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2760	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2160	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2160	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
3256	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
3256	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
3868	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
3868	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4948	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4948	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
848	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
848	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4656	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
4656	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
3344	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
3344	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 4432	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	86
PID 2988 wrote to memory of 4432	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	86
PID 2988 wrote to memory of 4432	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	86
PID 2988 wrote to memory of 4908	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	87
PID 2988 wrote to memory of 4908	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	87
PID 2988 wrote to memory of 4908	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	87
PID 4432 wrote to memory of 4108	4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	88
PID 4432 wrote to memory of 4108	4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	88
PID 4432 wrote to memory of 4108	4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	88
PID 2988 wrote to memory of 468	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	93
PID 2988 wrote to memory of 468	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	93
PID 2988 wrote to memory of 468	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	93
PID 4108 wrote to memory of 3256	4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	94
PID 4108 wrote to memory of 3256	4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	94
PID 4108 wrote to memory of 3256	4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	94
PID 4908 wrote to memory of 848	4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	95
PID 4908 wrote to memory of 848	4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	95
PID 4908 wrote to memory of 848	4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	95
PID 4432 wrote to memory of 4656	4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	96
PID 4432 wrote to memory of 4656	4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	96
PID 4432 wrote to memory of 4656	4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	96
PID 2988 wrote to memory of 2016	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	97
PID 2988 wrote to memory of 2016	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	97
PID 2988 wrote to memory of 2016	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	97
PID 4908 wrote to memory of 1612	4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	98
PID 4908 wrote to memory of 1612	4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	98
PID 4908 wrote to memory of 1612	4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	98
PID 468 wrote to memory of 4128	468	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	99
PID 468 wrote to memory of 4128	468	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	99
PID 468 wrote to memory of 4128	468	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	99
PID 4108 wrote to memory of 2760	4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	100
PID 4108 wrote to memory of 2760	4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	100
PID 4108 wrote to memory of 2760	4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	100
PID 4432 wrote to memory of 2924	4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	101
PID 4432 wrote to memory of 2924	4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	101
PID 4432 wrote to memory of 2924	4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	101
PID 3256 wrote to memory of 2160	3256	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	103
PID 3256 wrote to memory of 2160	3256	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	103
PID 3256 wrote to memory of 2160	3256	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	103
PID 848 wrote to memory of 3868	848	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	104
PID 848 wrote to memory of 3868	848	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	104
PID 848 wrote to memory of 3868	848	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	104
PID 4656 wrote to memory of 4948	4656	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	105
PID 4656 wrote to memory of 4948	4656	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	105
PID 4656 wrote to memory of 4948	4656	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	105
PID 2988 wrote to memory of 4412	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	106
PID 2988 wrote to memory of 4412	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	106
PID 2988 wrote to memory of 4412	2988	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	106
PID 4908 wrote to memory of 3268	4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	108
PID 4908 wrote to memory of 3268	4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	108
PID 4908 wrote to memory of 3268	4908	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	108
PID 468 wrote to memory of 3976	468	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	109
PID 468 wrote to memory of 3976	468	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	109
PID 468 wrote to memory of 3976	468	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	109
PID 4432 wrote to memory of 4352	4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	110
PID 4432 wrote to memory of 4352	4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	110
PID 4432 wrote to memory of 4352	4432	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	110
PID 4108 wrote to memory of 4440	4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	111
PID 4108 wrote to memory of 4440	4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	111
PID 4108 wrote to memory of 4440	4108	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	111
PID 3256 wrote to memory of 2976	3256	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	112
PID 3256 wrote to memory of 2976	3256	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	112
PID 3256 wrote to memory of 2976	3256	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	112
PID 4656 wrote to memory of 1444	4656	8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4432
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        8⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        8⤵
        
        PID:17624
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        8⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        8⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:17744
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:18736
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:15116
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:18332
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:18348
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:16928
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:14392
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:15100
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:17756
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:17700
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:15516
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:15108
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:14284
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10700
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:15076
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:17804
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:17832
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:13844
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10716
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:15092
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:15560
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10924
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:15632
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:9792
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:15508
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:14384
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:9108
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:10908
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:15532
- C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4908
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:848
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        7⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:18260
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:17720
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:15484
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:18300
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:17648
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10868
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:15576
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:15620
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:15468
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:14408
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:15144
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10788
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:15524
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:18340
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:12908
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:17536
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10844
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:15568
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:14448
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:2928
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:10732
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:15128
- C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:468
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        6⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10820
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:16260
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:13412
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:13276
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:18308
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10812
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:15476
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:13428
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:9132
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:10932
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:15716
- C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:18356
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
        5⤵
        
        PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10040
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:11348
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:17712
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:18316
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:15084
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:8972
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:10948
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:15456
- C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
  2⤵
  PID:4412
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:10064
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:18324
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:13952
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:10096
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:12916
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:1636
- C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
  2⤵
  PID:5372
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
      4⤵
      PID:18292
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:11012
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:17824
- C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
  2⤵
  PID:6744
- - C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
    3⤵
    PID:12892
- C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
  2⤵
  PID:8956
- C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
  2⤵
  PID:10972
- C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\8f08337f7837aa47466202fc69111220_NeikiAnalytics.exe"
  2⤵
  PID:17840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\beast hot (!) cock hotel .rar.exe

Filesize
730KB

MD5
6ff1c8b9bff20216ab9d408743e7a3e7

SHA1
f56f338f96d2b7e5872edd099cda2a4a0d85d243

SHA256
3ca55cb156ebd900ca454fabbe6d1fec5ac02c5a7546b67d95580736fcd63eab

SHA512
ee6cbec020731cc0e56edde34c516a633ad30b8fa90f2290cdbbbd28554998cd66e303a939866ca18c5369aff01d42356d9afed850de767a18b774dd3d8a4c24

Download Submit
C:\debug.txt

Filesize
146B

MD5
dcbdbde1a9dfb9a6335abcb7657ca6f3

SHA1
a416af223b08b5fb1a151cbe43e05a81fbc25e1e

SHA256
bf7e5e00bc8e53034d826d255b2d69dc7f9f0bd82ae480b8d348c2b75af7426f

SHA512
e9a87ae1660b670f792435403dec319fefc6d7cc2ea8c54ff857feab1e0480dabb38e556febee980adc5ce26c7811c3403266bb1bef870cca1b8f9fc2df4d9cc

Download Submit
memory/468-180-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/848-181-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/848-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1444-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1612-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1740-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2016-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2016-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2160-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2160-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2528-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2760-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2804-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2804-281-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2924-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2924-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2976-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2976-219-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2988-290-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2988-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2988-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2988-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2988-454-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3124-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3256-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3268-214-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3268-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3344-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3344-213-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3696-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3696-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3868-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3976-215-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4108-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4108-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4128-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4352-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4412-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4432-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4440-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4440-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4604-220-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4656-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4656-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4808-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4808-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4848-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4900-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4900-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4908-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4948-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5228-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5228-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5240-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5248-282-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5252-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5260-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5260-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5268-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5276-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5284-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5292-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5292-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5300-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5300-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5308-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5308-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5316-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5324-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5332-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5332-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5340-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5348-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5356-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5356-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5364-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5372-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5372-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5380-289-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5408-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5408-285-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5656-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5656-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6132-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6132-287-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6140-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6224-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6232-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6232-288-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6296-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6352-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6360-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6372-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6428-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6600-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6776-275-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6784-276-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6792-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6920-283-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download