6bf5067687c8400f14e0da62c3eef51c8d7655b84f4ebcccb082155c62ba11e9

Analysis

max time kernel
15s
max time network
9s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Size

1.6MB
MD5

d43ea1f0b4bf5436852c21efbbee2000
SHA1

a1fca51de2aa0da6646990209bda1fef2051a22c
SHA256

6bf5067687c8400f14e0da62c3eef51c8d7655b84f4ebcccb082155c62ba11e9
SHA512

dda9c7763ec29055ba98f288fe5ff92225b8207968c1cb230e1e3b7ff956107baaa16bdd01757810175926bca88cea02e39b3b0d35e4a93a858aa10d2a82ecb5
SSDEEP

24576:VP8fvZh80df25dVyX+5549EmwiQIIt6uNks+Cx+TpHib77bJCLdGpkKGE2JsqcO:CfvD45d3U9E8zItjNk/T9qba0p1J/O

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1200-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x0007000000023411-5.dat	upx
behavioral2/memory/2852-152-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5080-178-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2528-179-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3824-180-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3624-181-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2824-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2000-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1200-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/868-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3132-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1200-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4880-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4988-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/416-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/452-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2528-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5060-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2924-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/736-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/852-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4504-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1904-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3624-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3824-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2000-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4596-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2824-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/696-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2608-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3132-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4944-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/544-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/452-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1868-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/416-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3124-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2708-214-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2984-213-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1616-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2964-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1808-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3656-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3664-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4484-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/852-220-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3568-219-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/736-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1044-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2608-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4692-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1520-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4596-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1416-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5764-234-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3124-233-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5756-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2396-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/544-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4944-235-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5020-250-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5864-246-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5920-245-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\E:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\J:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\R:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\S:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\T:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\X:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\A:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\N:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\U:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\M:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\O:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\B:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\G:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\H:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\I:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\K:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\L:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\P:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\V:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File opened (read-only)	\??\W:	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\british lesbian horse girls sweet .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\canadian gang bang handjob [milf] glans lady (Christine).mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\british bukkake lesbian girly (Kathrin,Curtney).mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\fetish gang bang big bondage .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\american bukkake voyeur legs latex .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian hardcore beastiality hidden feet Ôï .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\gay voyeur bedroom (Christine,Kathrin).rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish xxx public feet (Sonja).mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\horse full movie girly .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\asian gang bang cumshot [bangbus] .mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fetish full movie .rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\chinese sperm horse public glans blondie .rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\cum uncut stockings .rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\indian fetish fetish several models shower (Sonja).mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\canadian action girls girly .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\gang bang several models fishy .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\german horse gay several models feet blondie .mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\fetish animal full movie (Ashley,Sonja).avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\asian bukkake lesbian .mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\spanish hardcore horse [milf] boobs (Karin,Sarah).rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian animal beastiality masturbation traffic (Curtney).rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\danish beastiality lesbian ash (Britney).rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\swedish horse horse voyeur gorgeoushorny .mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\german blowjob kicking [free] nipples bedroom .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\brasilian action [milf] redhair .mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\animal gang bang [bangbus] feet sm (Tatjana,Sarah).mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\action gang bang voyeur .mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\asian lingerie public hotel .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\italian blowjob girls (Janette).rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\canadian action masturbation boobs (Jade).mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\gay lesbian black hairunshaved (Curtney).mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\animal voyeur balls (Ashley).zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\american gay beastiality girls .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\lingerie fetish catfight feet wifey .mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\danish beast fetish big circumcision (Sylvia,Christine).zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\african kicking horse [free] lady .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\gang bang fucking hidden .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\xxx sperm girls (Tatjana,Melissa).rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\japanese lingerie fucking big ash .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\fucking big hotel .rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\russian horse animal big legs .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\chinese animal sleeping mature .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\japanese horse voyeur castration .mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\canadian beastiality xxx several models (Kathrin).rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\handjob public titts sm .mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\brasilian horse hidden traffic .rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\chinese gay public .mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\beastiality kicking [bangbus] .mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\black handjob licking vagina .mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\spanish beast gay girls stockings .mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\nude beastiality sleeping redhair .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\indian handjob several models girly .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\tyrkish nude big girly .mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\cumshot porn big young (Gina).avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\indian gang bang handjob several models boobs (Tatjana,Anniston).mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\african horse uncut blondie (Samantha).mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\american sperm xxx voyeur ash blondie .mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\cumshot porn [bangbus] (Sylvia,Jenna).mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\indian action public 50+ .mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\sperm horse lesbian fishy .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\porn [free] circumcision .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\tyrkish fucking public vagina femdom (Kathrin,Ashley).zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\tyrkish horse hot (!) lady .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\beast sleeping wifey .rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\cum masturbation boobs .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\lingerie horse public Ôï .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\porn sperm hidden boobs castration (Sarah,Sonja).mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\security\templates\brasilian lingerie action girls (Ashley).zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\asian gang bang bukkake several models .rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\american porn cum big cock black hairunshaved .mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\norwegian nude sleeping (Liz,Liz).mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\lingerie public boobs .rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\beastiality catfight latex .mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\cumshot blowjob big mature .mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie voyeur .mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\blowjob fetish licking legs (Christine).avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\nude action catfight titts hotel .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\chinese cumshot hidden boots .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\gay hot (!) feet (Tatjana).avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\trambling hardcore masturbation feet .zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\african beast animal big titts wifey .rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\fetish fetish [free] legs .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\danish blowjob horse lesbian .avi.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish lesbian [bangbus] .mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\swedish sperm gang bang [bangbus] (Gina).zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\tyrkish handjob trambling [bangbus] ash .mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\action voyeur hotel (Sylvia).mpg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\american lingerie licking sweet .rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\trambling full movie hole shoes (Curtney).mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\black action bukkake girls vagina (Kathrin).zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\malaysia fucking full movie (Sylvia).zip.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\sperm animal full movie high heels (Christine).mpeg.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\american fucking big fishy (Ashley).rar.exe	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
5080	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
5080	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
5060	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
5060	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2924	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2924	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2528	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2528	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
3824	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
3824	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
5080	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
5080	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
3624	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
3624	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
1904	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
1904	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
4504	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
4504	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2824	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2824	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2000	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2000	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2924	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2924	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
696	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
696	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
3132	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
3132	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
5060	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
5060	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2528	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
2528	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
416	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
416	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 868	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	86
PID 1200 wrote to memory of 868	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	86
PID 1200 wrote to memory of 868	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	86
PID 868 wrote to memory of 2852	868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	87
PID 868 wrote to memory of 2852	868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	87
PID 868 wrote to memory of 2852	868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	87
PID 1200 wrote to memory of 4880	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	88
PID 1200 wrote to memory of 4880	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	88
PID 1200 wrote to memory of 4880	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	88
PID 868 wrote to memory of 5080	868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	91
PID 868 wrote to memory of 5080	868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	91
PID 868 wrote to memory of 5080	868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	91
PID 1200 wrote to memory of 2924	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	92
PID 1200 wrote to memory of 2924	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	92
PID 1200 wrote to memory of 2924	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	92
PID 2852 wrote to memory of 5060	2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	93
PID 2852 wrote to memory of 5060	2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	93
PID 2852 wrote to memory of 5060	2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	93
PID 4880 wrote to memory of 2528	4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	94
PID 4880 wrote to memory of 2528	4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	94
PID 4880 wrote to memory of 2528	4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	94
PID 5080 wrote to memory of 3824	5080	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	95
PID 5080 wrote to memory of 3824	5080	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	95
PID 5080 wrote to memory of 3824	5080	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	95
PID 868 wrote to memory of 3624	868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	96
PID 868 wrote to memory of 3624	868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	96
PID 868 wrote to memory of 3624	868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	96
PID 2852 wrote to memory of 1904	2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	97
PID 2852 wrote to memory of 1904	2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	97
PID 2852 wrote to memory of 1904	2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	97
PID 1200 wrote to memory of 4504	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	98
PID 1200 wrote to memory of 4504	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	98
PID 1200 wrote to memory of 4504	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	98
PID 4880 wrote to memory of 2824	4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	99
PID 4880 wrote to memory of 2824	4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	99
PID 4880 wrote to memory of 2824	4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	99
PID 2924 wrote to memory of 2000	2924	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	100
PID 2924 wrote to memory of 2000	2924	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	100
PID 2924 wrote to memory of 2000	2924	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	100
PID 5060 wrote to memory of 696	5060	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	101
PID 5060 wrote to memory of 696	5060	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	101
PID 5060 wrote to memory of 696	5060	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	101
PID 2528 wrote to memory of 3132	2528	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	102
PID 2528 wrote to memory of 3132	2528	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	102
PID 2528 wrote to memory of 3132	2528	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	102
PID 3824 wrote to memory of 416	3824	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	103
PID 3824 wrote to memory of 416	3824	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	103
PID 3824 wrote to memory of 416	3824	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	103
PID 5080 wrote to memory of 4988	5080	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	104
PID 5080 wrote to memory of 4988	5080	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	104
PID 5080 wrote to memory of 4988	5080	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	104
PID 868 wrote to memory of 452	868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	105
PID 868 wrote to memory of 452	868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	105
PID 868 wrote to memory of 452	868	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	105
PID 1200 wrote to memory of 1868	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	106
PID 1200 wrote to memory of 1868	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	106
PID 1200 wrote to memory of 1868	1200	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	106
PID 2852 wrote to memory of 2984	2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	107
PID 2852 wrote to memory of 2984	2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	107
PID 2852 wrote to memory of 2984	2852	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	107
PID 2924 wrote to memory of 736	2924	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	108
PID 2924 wrote to memory of 736	2924	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	108
PID 2924 wrote to memory of 736	2924	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	108
PID 4880 wrote to memory of 3568	4880	d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe	109

C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:868
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        8⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        8⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        8⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        8⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:14312
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14596
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:14004
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14468
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14356
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:416
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14452
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14516
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14444
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14620
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14428
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14172
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14204
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:452
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14276
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14188
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14644
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:7520
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:10284
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:14404
- C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4880
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        7⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14364
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:16224
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14124
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14580
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14348
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:7624
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14180
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14588
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14252
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14476
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:6388
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:7536
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:10824
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:13600
- C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        6⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14228
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14156
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14196
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:736
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14012
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14020
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14556
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14380
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:7856
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:11572
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:14132
- C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
        5⤵
        
        PID:14564
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14340
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14300
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14652
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:7512
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:10356
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:14436
- C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
  2⤵
  PID:1868
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
      4⤵
      PID:14548
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:6632
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:7472
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:10260
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:14388
- C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
  2⤵
  PID:4692
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:8956
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:14028
- C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
  2⤵
  PID:6504
- - C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
    3⤵
    PID:14612
- C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
  2⤵
  PID:7504
- C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
  2⤵
  PID:10276
- C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\d43ea1f0b4bf5436852c21efbbee2000_NeikiAnalytics.exe"
  2⤵
  PID:14412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\spanish hardcore horse [milf] boobs (Karin,Sarah).rar.exe

Filesize
2.1MB

MD5
ac4efb8542f6af006195b80b9f22fa9a

SHA1
c89f4a62c356cd5ec80708c50bdce73d4f663bdf

SHA256
d94332e7bcb92390651269276f69eb425c060aed8823d6554eee48778ce99c8a

SHA512
809b181d09548f37a0c6168547aa8ea64f899f7c819d049c34575cf92b223dd564c00bb294881d437088434beea83cc036fa9d868ad33446c5e8a31c492c07d0

Download Submit
memory/416-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/416-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/452-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/452-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/544-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/544-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/696-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/736-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/736-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/852-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/852-220-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/868-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1044-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1044-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1200-301-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1200-432-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1200-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1200-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1200-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1416-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1416-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1520-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1520-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1616-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1616-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1808-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1808-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1868-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1904-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2000-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2000-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2396-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2528-179-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2528-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2608-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2608-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2708-214-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2708-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2824-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2824-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2852-152-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2924-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2964-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2964-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2984-213-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3124-233-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3124-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3132-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3132-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3240-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3568-219-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3624-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3624-181-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3656-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3656-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3664-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3664-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3824-180-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3824-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3996-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4220-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4484-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4484-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4504-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4596-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4596-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4692-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4692-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4716-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4840-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4880-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4944-235-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4944-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4988-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5004-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5020-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5060-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5080-178-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5756-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5764-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5764-234-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5816-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5828-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5864-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5888-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5896-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5912-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5920-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5948-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6180-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6188-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6216-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6316-272-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6324-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6332-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6356-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6364-275-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6388-276-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6400-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download