4d92c7f68084fb12b2460e7e17d3af456f727e2e97cfd741e284cb7549868f99

Analysis

max time kernel
15s
max time network
4s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Size

1.4MB
MD5

0a6e0b3ecf916b5b76e786b7fc1e5060
SHA1

65731b3989fb9c85e0042986df45d4d80ef21e85
SHA256

4d92c7f68084fb12b2460e7e17d3af456f727e2e97cfd741e284cb7549868f99
SHA512

1f746dcbaa1c524aaab25257b6616342d518fe35e5cbb61493d22061af7bc8dafb2efafd8705ac9a0e29bfab471b80fcb65c1b64d77212df785db4bbd0dbc8c7
SSDEEP

24576:VppoIGityTFgS8uZdMso827o/GDV4Ww6ijtQIKlhJX11s35nXfHZOW2oAA6+SW:3poIGityRM9so827o/GK/wlhJCHcKAFe

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3024-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x00070000000233ed-5.dat	upx
behavioral2/memory/2304-17-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3144-152-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2016-151-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2200-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4260-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2184-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2972-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4224-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4520-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4812-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3024-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3172-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/688-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3792-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3144-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2016-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2304-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3024-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2200-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4260-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2352-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2184-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3132-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2640-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4696-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1672-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2972-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2480-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1972-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4224-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4520-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4812-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1404-213-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4548-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1692-215-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/688-214-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4112-220-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3812-219-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4876-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3792-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3172-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2352-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1724-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3132-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3764-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1764-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2560-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1972-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2480-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4548-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4124-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1404-234-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1692-235-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2264-233-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4736-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4112-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3812-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4876-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1980-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4692-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3764-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2124-244-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\W:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\X:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\B:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\H:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\M:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\N:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\P:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\T:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\U:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\A:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\I:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\K:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\O:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\E:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\L:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\R:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\V:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\G:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\J:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\malaysia bukkake hidden .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian beastiality trambling hot (!) titts black hairunshaved .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\japanese cum fucking catfight feet ¼ë (Sylvia).avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black porn beast licking feet penetration .rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\hardcore full movie latex .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish horse gay full movie hole (Sandy,Curtney).zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian nude sperm [free] hole pregnant (Samantha).zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\beast full movie femdom (Sandy,Melissa).rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lingerie uncut hole .zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\hardcore uncut lady (Anniston,Karin).mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\trambling full movie titts (Kathrin,Janette).rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish handjob horse catfight feet wifey .zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\japanese cum bukkake [free] .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\american fetish trambling masturbation ash (Ashley,Sylvia).zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\blowjob [free] circumcision .zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\beast uncut hotel .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\fucking licking cock sweet .rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\american kicking hardcore big boots .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\russian porn bukkake [milf] .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx hidden cock .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\blowjob masturbation young .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\swedish porn sperm full movie bondage .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\xxx hidden (Curtney).mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\american horse sperm hidden castration .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\gay public boots .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\tyrkish handjob blowjob lesbian ¼ë (Sonja,Karin).mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish handjob fucking [free] feet sm .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\german sperm big hole .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\beast sleeping .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\british bukkake [milf] .zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\PLA\Templates\swedish fetish bukkake big feet 40+ (Sarah).zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\brasilian fetish fucking [milf] penetration .zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\sperm public hole .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\beastiality fucking full movie .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\german xxx licking cock wifey .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\sperm sleeping hole leather .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\beast masturbation hole sweet .rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\horse masturbation traffic .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\swedish nude blowjob hidden hole pregnant (Sarah).zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\animal horse uncut Ôï .rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\gay full movie feet redhair .rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\malaysia blowjob several models titts hotel .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\canadian lingerie hidden cock young (Liz).zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\blowjob licking feet .rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\italian kicking hardcore girls feet ash .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\african horse [free] hole .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\asian gay licking .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\canadian lingerie hidden shower .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\action fucking catfight beautyfull .rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\malaysia lingerie hidden feet gorgeoushorny (Samantha).mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\american porn lingerie sleeping cock bondage .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\security\templates\horse big feet penetration .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\beast big YEâPSè& .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\horse sleeping (Karin).mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\cumshot trambling uncut cock shoes .rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\norwegian xxx [milf] (Samantha).rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\sperm full movie (Liz).rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\bukkake sleeping hole castration (Liz).avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\american gang bang horse masturbation cock .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\blowjob several models swallow .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\black porn lingerie [free] titts .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\italian porn gay masturbation (Samantha).avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\german horse girls titts .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\cumshot xxx hidden traffic .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\horse horse sleeping glans boots .rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\american cumshot lingerie licking .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian horse beast public cock latex .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\trambling hot (!) balls .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\bukkake hidden (Karin).zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\action xxx lesbian ejaculation (Anniston,Sylvia).mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\cumshot lesbian masturbation (Curtney).mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\spanish sperm lesbian glans .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\japanese kicking xxx sleeping titts girly .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\chinese beast sleeping feet Ôï .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\danish beastiality lesbian [bangbus] penetration .mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\hardcore girls leather (Kathrin,Liz).mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\hardcore catfight (Tatjana).mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\xxx hot (!) feet 40+ (Tatjana).mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\swedish porn bukkake public wifey .zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\animal lesbian public feet hairy (Samantha).mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\british trambling several models (Curtney).mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\malaysia blowjob lesbian bedroom .rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\brasilian fetish lesbian catfight titts swallow (Sarah).avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\swedish gang bang trambling catfight feet young .mpeg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\kicking fucking hot (!) cock bondage .zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\gang bang xxx public cock .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\xxx public redhair .avi.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\action hardcore masturbation shoes (Gina,Jade).mpg.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\handjob fucking full movie hole .rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\horse voyeur .rar.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\black animal lingerie licking .zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\lesbian hot (!) (Jade).zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish porn sperm lesbian hole .zip.exe	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4260	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4260	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2200	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2200	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2184	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2184	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4696	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4696	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2640	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2640	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2972	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2972	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4224	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4224	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4812	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4812	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4520	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4520	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4260	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4260	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3172	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3172	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3172	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
688	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
688	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3792	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
3792	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2200	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2200	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4696	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
4696	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2184	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2184	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
2352	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2304	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	87
PID 3024 wrote to memory of 2304	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	87
PID 3024 wrote to memory of 2304	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	87
PID 3024 wrote to memory of 2016	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	89
PID 3024 wrote to memory of 2016	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	89
PID 3024 wrote to memory of 2016	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	89
PID 2304 wrote to memory of 3144	2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	90
PID 2304 wrote to memory of 3144	2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	90
PID 2304 wrote to memory of 3144	2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	90
PID 2016 wrote to memory of 4260	2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	91
PID 2016 wrote to memory of 4260	2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	91
PID 2016 wrote to memory of 4260	2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	91
PID 3024 wrote to memory of 2200	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	92
PID 3024 wrote to memory of 2200	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	92
PID 3024 wrote to memory of 2200	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	92
PID 2304 wrote to memory of 2184	2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	93
PID 2304 wrote to memory of 2184	2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	93
PID 2304 wrote to memory of 2184	2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	93
PID 3144 wrote to memory of 4696	3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	94
PID 3144 wrote to memory of 4696	3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	94
PID 3144 wrote to memory of 4696	3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	94
PID 2016 wrote to memory of 2640	2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	95
PID 2016 wrote to memory of 2640	2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	95
PID 2016 wrote to memory of 2640	2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	95
PID 3024 wrote to memory of 2972	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	96
PID 3024 wrote to memory of 2972	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	96
PID 3024 wrote to memory of 2972	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	96
PID 2304 wrote to memory of 4224	2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	97
PID 2304 wrote to memory of 4224	2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	97
PID 2304 wrote to memory of 4224	2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	97
PID 4260 wrote to memory of 4812	4260	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	98
PID 4260 wrote to memory of 4812	4260	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	98
PID 4260 wrote to memory of 4812	4260	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	98
PID 3144 wrote to memory of 4520	3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	99
PID 3144 wrote to memory of 4520	3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	99
PID 3144 wrote to memory of 4520	3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	99
PID 2200 wrote to memory of 3172	2200	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	100
PID 2200 wrote to memory of 3172	2200	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	100
PID 2200 wrote to memory of 3172	2200	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	100
PID 4696 wrote to memory of 688	4696	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	101
PID 4696 wrote to memory of 688	4696	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	101
PID 4696 wrote to memory of 688	4696	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	101
PID 2184 wrote to memory of 3792	2184	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	102
PID 2184 wrote to memory of 3792	2184	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	102
PID 2184 wrote to memory of 3792	2184	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	102
PID 3024 wrote to memory of 2352	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	103
PID 3024 wrote to memory of 2352	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	103
PID 3024 wrote to memory of 2352	3024	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	103
PID 2016 wrote to memory of 3132	2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	104
PID 2016 wrote to memory of 3132	2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	104
PID 2016 wrote to memory of 3132	2016	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	104
PID 4260 wrote to memory of 1724	4260	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	105
PID 4260 wrote to memory of 1724	4260	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	105
PID 4260 wrote to memory of 1724	4260	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	105
PID 2304 wrote to memory of 1764	2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	106
PID 2304 wrote to memory of 1764	2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	106
PID 2304 wrote to memory of 1764	2304	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	106
PID 2972 wrote to memory of 2560	2972	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	107
PID 2972 wrote to memory of 2560	2972	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	107
PID 2972 wrote to memory of 2560	2972	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	107
PID 3144 wrote to memory of 1672	3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	108
PID 3144 wrote to memory of 1672	3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	108
PID 3144 wrote to memory of 1672	3144	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	108
PID 2200 wrote to memory of 1972	2200	0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe	109

C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        8⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        8⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:12748
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        8⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:11872
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12836
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:9460
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:12868
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12124
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:11828
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12844
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:13220
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:14744
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:16180
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:7036
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:12708
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:12056
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:13236
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:9620
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:12892
- C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:11464
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        7⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:14836
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:11852
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:14560
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:12884
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:13792
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:12828
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:13272
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:7068
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:9532
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:12852
- C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12724
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:9804
      - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        6⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:12684
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:12716
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:332
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:13252
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:13376
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:12496
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:9716
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:12164
- C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:11440
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
        5⤵
        
        PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:13012
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:11864
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:7124
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:9484
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:12628
- C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2352
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:13152
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
      4⤵
      PID:11164
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:9660
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:2772
- C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
  2⤵
  PID:2132
- - C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
    3⤵
    PID:13288
- C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
  2⤵
  PID:7052
- C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
  2⤵
  PID:9500
- C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0a6e0b3ecf916b5b76e786b7fc1e5060_NeikiAnalytics.exe"
  2⤵
  PID:12740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx hidden cock .mpg.exe

Filesize
331KB

MD5
ff9f582e119510ee518c71673115820b

SHA1
68681a797042b83471ebfa7d4a1e196fbdaa7554

SHA256
d5ad1e341549de878e142956146cf53b1281ebd12e17064a684ae1d9b270cb67

SHA512
3a504fa1335aaeea3bdda7ca13c564eb90877784b15c53cb49202bfb4d27a93d5785d81e0b42619ef4b2b39d9affc563b102c9740f8ceae66e8ea49f01626c4c

Download Submit
memory/332-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/688-214-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/688-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1180-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1404-234-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1404-213-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1672-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1692-215-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1692-235-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1724-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1764-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1972-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1972-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1980-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2016-151-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2016-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2124-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2132-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2184-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2184-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2264-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2264-233-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2304-17-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2304-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2352-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2352-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2432-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2480-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2480-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2560-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2640-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2696-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2756-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2972-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2972-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3024-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3024-287-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3024-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3024-429-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3024-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3132-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3132-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3144-152-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3144-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3172-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3172-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3448-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3764-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3764-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3792-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3792-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3812-219-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3812-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4112-220-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4112-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4124-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4172-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4224-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4224-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4260-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4260-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4520-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4520-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4548-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4548-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4680-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4692-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4696-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4736-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4760-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4812-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4812-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4876-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4876-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4944-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5648-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5660-276-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5660-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5772-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5780-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5780-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5792-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5840-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5848-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5860-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5868-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5876-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5932-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5940-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5948-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5988-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6264-272-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6272-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6280-275-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6456-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6464-281-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6480-282-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download