1d235139915fecb069a52d4cc4f307d2311db1acb95d02149c925e54c41c6816

Analysis

max time kernel
11s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
Size

1.9MB
MD5

6ba450261c54646d35aeb0c518389930
SHA1

df597f3c0def0a600cce42cc884e0051d72f04b9
SHA256

1d235139915fecb069a52d4cc4f307d2311db1acb95d02149c925e54c41c6816
SHA512

2022d10ed09fe50ce2c112b3a179c7c398e0722a2199f88a4bbbb10c1c55eb1cbbda7c5abcbaf893cdb571061789abc32aa51304815b79fac0f495829d13b690
SSDEEP

49152:anDAFliUWHDViCy7e8ulNhqFlfiIggmjUsOjp0:qMxWHDVk7e+FBggmjjO2

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 11 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1112-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x0007000000023406-5.dat	upx
behavioral2/memory/2680-23-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4132-144-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4628-146-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4900-163-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1948-176-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1332-177-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3568-179-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1112-178-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1440-180-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4132-181-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1548-182-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4628-183-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3500-185-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2096-184-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1112-186-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4900-187-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/992-188-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1196-189-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2340-190-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2976-195-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1948-194-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/216-193-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5100-192-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1368-191-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2296-197-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1332-196-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1440-202-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/220-203-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1428-205-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1548-204-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1500-201-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3568-200-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4356-199-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3560-198-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3500-206-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1360-209-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/512-208-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/992-207-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1368-211-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/216-213-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5100-212-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2976-214-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5216-215-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4152-218-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1500-219-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4356-217-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3560-216-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/220-221-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5328-220-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5396-223-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/212-222-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5552-226-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4892-227-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5532-225-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/960-224-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5704-231-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1360-230-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2300-228-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5820-235-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5784-234-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5964-237-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5344-240-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\G:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\K:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\M:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\N:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\O:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\R:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\W:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\X:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\E:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\H:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\I:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\T:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\V:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\B:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\A:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\J:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\L:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\P:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File opened (read-only)	\??\S:	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob masturbation (Janette).avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\italian handjob blowjob sleeping YEâPSè& (Sonja,Tatjana).mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\kicking bukkake uncut (Sarah).zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black horse horse lesbian cock hotel .avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lingerie public glans penetration (Janette).rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie uncut sweet .mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\japanese animal xxx [bangbus] upskirt .rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian action blowjob licking balls .rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lingerie licking glans blondie .avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fucking masturbation ejaculation .mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\lesbian [bangbus] hole .rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black porn hardcore voyeur hole high heels (Karin).mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\sperm masturbation cock high heels (Samantha).mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lesbian several models feet girly .avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish handjob hardcore [bangbus] (Tatjana).avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\bukkake several models .mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\porn beast [bangbus] (Jade).mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\swedish cumshot xxx several models .rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian cumshot xxx public pregnant .mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\indian beastiality lingerie sleeping cock young (Sylvia).mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\fucking several models hole .mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\american beastiality gay masturbation hole .avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian animal fucking masturbation titts mistress (Curtney).zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\japanese beastiality xxx catfight (Sarah).rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\black animal bukkake licking .mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese animal beast [free] (Sylvia).zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian cumshot lesbian masturbation titts redhair .mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\japanese gang bang horse masturbation .mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\lesbian [bangbus] feet (Ashley,Janette).mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\horse masturbation .avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File created	C:\Windows\Downloaded Program Files\brasilian cumshot bukkake hidden hole fishy .mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian [free] titts pregnant .rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie big .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian fetish beast full movie titts sm (Samantha).avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\american nude lingerie [milf] wifey .mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\italian porn blowjob voyeur ejaculation .avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\swedish animal bukkake several models .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\horse horse hidden traffic (Sonja,Karin).mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\swedish cumshot trambling catfight mistress .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\fucking sleeping feet upskirt (Tatjana).avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\italian horse bukkake girls (Janette).zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\xxx girls hole girly (Liz).mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\indian horse blowjob uncut .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\black action hardcore licking titts femdom (Samantha).avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\chinese gay [milf] titts redhair (Samantha).zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\chinese beast hidden cock penetration .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian gang bang lingerie big cock .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lesbian girls .avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\american porn blowjob sleeping upskirt .avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\xxx hot (!) hole .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\spanish sperm voyeur (Curtney).mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\german lingerie [free] (Karin).rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gay girls ¼ë .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\canadian sperm [free] glans .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\american cumshot gay sleeping 50+ .mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\japanese horse beast [free] (Liz).rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\fucking hot (!) hole (Anniston,Melissa).mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\security\templates\trambling lesbian hairy .mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\malaysia gay [milf] mature .mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\german fucking [bangbus] feet wifey .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\blowjob [milf] femdom .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\xxx licking cock fishy .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\swedish beastiality bukkake [milf] ¼ë .mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\italian gang bang hardcore [milf] titts stockings (Samantha).avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\canadian beast voyeur feet granny .avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\asian horse sleeping .mpeg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\indian cumshot trambling lesbian pregnant .rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\trambling [free] feet sweet .mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\gay [free] shower .rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\chinese trambling voyeur titts bondage .mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\horse hot (!) feet .zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\animal horse [milf] young (Gina,Karin).avi.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\porn lesbian [bangbus] .rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\action horse public feet redhair (Liz).zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\brasilian action gay licking (Curtney).mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\swedish nude fucking big hole castration .mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\handjob bukkake catfight hole castration .mpg.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\british blowjob [free] (Tatjana).zip.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\nude xxx [bangbus] titts .rar.exe	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4628	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4628	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2096	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2096	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4900	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4900	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1196	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1196	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2340	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2340	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4628	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4628	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1948	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1948	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1332	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1332	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
3568	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
3568	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2296	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2296	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4900	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4900	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2096	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2096	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1440	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1440	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1548	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1548	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4628	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
4628	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1428	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1428	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
3500	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
3500	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1196	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
1196	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2340	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
2340	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 2680	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	88
PID 1112 wrote to memory of 2680	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	88
PID 1112 wrote to memory of 2680	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	88
PID 1112 wrote to memory of 4132	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	94
PID 1112 wrote to memory of 4132	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	94
PID 1112 wrote to memory of 4132	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	94
PID 2680 wrote to memory of 4628	2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	95
PID 2680 wrote to memory of 4628	2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	95
PID 2680 wrote to memory of 4628	2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	95
PID 1112 wrote to memory of 2096	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	96
PID 1112 wrote to memory of 2096	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	96
PID 1112 wrote to memory of 2096	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	96
PID 2680 wrote to memory of 4900	2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	97
PID 2680 wrote to memory of 4900	2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	97
PID 2680 wrote to memory of 4900	2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	97
PID 4132 wrote to memory of 1196	4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	98
PID 4132 wrote to memory of 1196	4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	98
PID 4132 wrote to memory of 1196	4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	98
PID 4628 wrote to memory of 2340	4628	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	99
PID 4628 wrote to memory of 2340	4628	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	99
PID 4628 wrote to memory of 2340	4628	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	99
PID 1112 wrote to memory of 1948	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	101
PID 1112 wrote to memory of 1948	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	101
PID 1112 wrote to memory of 1948	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	101
PID 2096 wrote to memory of 1332	2096	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	102
PID 2096 wrote to memory of 1332	2096	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	102
PID 2096 wrote to memory of 1332	2096	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	102
PID 2680 wrote to memory of 2296	2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	103
PID 2680 wrote to memory of 2296	2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	103
PID 2680 wrote to memory of 2296	2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	103
PID 4900 wrote to memory of 3568	4900	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	104
PID 4900 wrote to memory of 3568	4900	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	104
PID 4900 wrote to memory of 3568	4900	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	104
PID 4132 wrote to memory of 1440	4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	105
PID 4132 wrote to memory of 1440	4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	105
PID 4132 wrote to memory of 1440	4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	105
PID 4628 wrote to memory of 1548	4628	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	106
PID 4628 wrote to memory of 1548	4628	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	106
PID 4628 wrote to memory of 1548	4628	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	106
PID 1196 wrote to memory of 1428	1196	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	107
PID 1196 wrote to memory of 1428	1196	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	107
PID 1196 wrote to memory of 1428	1196	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	107
PID 2340 wrote to memory of 3500	2340	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	108
PID 2340 wrote to memory of 3500	2340	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	108
PID 2340 wrote to memory of 3500	2340	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	108
PID 1112 wrote to memory of 992	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	110
PID 1112 wrote to memory of 992	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	110
PID 1112 wrote to memory of 992	1112	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	110
PID 4900 wrote to memory of 512	4900	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	111
PID 4900 wrote to memory of 512	4900	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	111
PID 4900 wrote to memory of 512	4900	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	111
PID 2096 wrote to memory of 1368	2096	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	112
PID 2096 wrote to memory of 1368	2096	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	112
PID 2096 wrote to memory of 1368	2096	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	112
PID 2680 wrote to memory of 5100	2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	113
PID 2680 wrote to memory of 5100	2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	113
PID 2680 wrote to memory of 5100	2680	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	113
PID 1948 wrote to memory of 216	1948	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	114
PID 1948 wrote to memory of 216	1948	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	114
PID 1948 wrote to memory of 216	1948	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	114
PID 4132 wrote to memory of 2976	4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	115
PID 4132 wrote to memory of 2976	4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	115
PID 4132 wrote to memory of 2976	4132	6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        8⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        8⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        8⤵
        
        PID:17336
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        8⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:14388
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:16972
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:20312
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:17932
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:18984
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:18896
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:12804
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:17748
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:19296
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:14664
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:11512
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:15188
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:20100
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:16412
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:17916
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:512
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:19840
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:17824
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:17784
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:14608
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:212
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:14576
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:18908
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:9584
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:12520
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:1204
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:13864
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:8188
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:16444
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:14996
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:12584
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:18056
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:16772
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:11500
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:16116
- C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4132
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:14048
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        7⤵
        
        PID:16452
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:9804
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:20280
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:17728
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:17520
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:19636
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:14568
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:13872
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:7552
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:20108
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:19364
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:17764
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:8292
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:17736
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:15560
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:18080
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:16256
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:11688
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:16956
- C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:15728
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:17528
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:11940
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:17300
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        6⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:17908
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:18620
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:20156
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:18628
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:15736
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:10220
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:14328
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:11636
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:15844
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:16932
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:11620
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:17040
- C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1948
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:216
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:18888
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:18588
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:19372
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:19848
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:13856
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:7424
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:17972
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:17776
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:11628
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:16300
- C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
  2⤵
  PID:992
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
        5⤵
        
        PID:14444
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:13432
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:548
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:19764
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:8220
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:16464
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:10576
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:14424
- C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
  2⤵
  PID:5140
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:12452
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:17924
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
      4⤵
      PID:18064
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:12012
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:17308
- C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
  2⤵
  PID:6420
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:10708
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:14644
- C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
  2⤵
  PID:7996
- - C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
    3⤵
    PID:16780
- C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
  2⤵
  PID:10684
- C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6ba450261c54646d35aeb0c518389930_NeikiAnalytics.exe"
  2⤵
  PID:15168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\fucking several models hole .mpeg.exe

Filesize
2.0MB

MD5
a9c6dac6eadeaf7f54b6ea3eef733b49

SHA1
ec61acd0c2c177d773767e1f647a01131d3deba9

SHA256
1df9ff940c2fc2aa918f503588a9060bfbe38e90ab310921770e5c4ec396e2ab

SHA512
7bc1fdd7904ac43407b4fd4e01c2e653a27a4d3d56b538e926fb5f1749ba16311d757db6938e90e43b166158748a3a906846f76d919a84729a62666c04dd0ec3

Download Submit
memory/212-222-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/216-193-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/216-213-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/220-203-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/220-221-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/512-208-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/960-224-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/992-188-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/992-207-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1112-178-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1112-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1112-327-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1112-186-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1196-189-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1332-177-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1332-196-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1360-209-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1360-230-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1368-211-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1368-191-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1428-205-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1440-180-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1440-202-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1500-219-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1500-201-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1548-204-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1548-182-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1948-176-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1948-194-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2096-184-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2296-197-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2300-228-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2340-190-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2680-23-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2976-195-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2976-214-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3268-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3500-185-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3500-206-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3560-216-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3560-198-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3568-200-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3568-179-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4132-144-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4132-181-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4152-218-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4356-199-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4356-217-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4628-183-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4628-146-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4892-227-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4900-163-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4900-187-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5100-212-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5100-192-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5140-233-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5216-215-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5284-236-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5320-238-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5328-220-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5328-239-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5344-240-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5372-241-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5384-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5396-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5396-223-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5532-225-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5532-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5552-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5552-226-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5628-248-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5644-268-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5644-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5676-249-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5688-252-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5704-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5704-231-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5784-255-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5784-234-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5820-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5820-235-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5952-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5952-270-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5956-262-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5964-237-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5964-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6000-265-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6176-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6232-251-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6240-254-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6248-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6256-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6316-256-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6364-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6420-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6552-264-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6604-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6708-269-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download