7ab456c3464540be5152bce5317a7dbb4b00826e9cca9d60755d281f126aa0d1

Analysis

max time kernel
17s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Size

987KB
MD5

dfe6a47bcaf4c6ed91a260f401386f70
SHA1

b0845c02dd40d5fb0cc4d9efdd8f92893a9451a9
SHA256

7ab456c3464540be5152bce5317a7dbb4b00826e9cca9d60755d281f126aa0d1
SHA512

e929f4f1b786cda996253c9630add3485cbb16977b449198ba0d949c590b4faf3d1d5acb8a32138f1f722165c11bc273f798ca64b786c8652ca3b61fad3b3d63
SSDEEP

24576:0E5Aw5N/86pgL+HeEGbFVewp0bIyy0P9kpYMlq1Y:r5HE6pgL+HeXwd9kpYMoY

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4392-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x00070000000233ed-5.dat	upx
behavioral2/memory/2612-87-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1968-157-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3200-178-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2868-179-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2456-181-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1056-180-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4392-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4788-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2612-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3652-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1968-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4392-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/636-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1272-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2836-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3200-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/836-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2640-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/232-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/376-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3964-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2868-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4424-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4360-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4656-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2152-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2456-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4864-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4008-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3652-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4660-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1016-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4788-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/376-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5184-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5168-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2640-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2836-220-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5508-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5500-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5492-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5484-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5460-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5444-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5388-223-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4216-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/748-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5516-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5420-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/836-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5540-234-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4396-233-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2152-235-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5672-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5680-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4656-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3636-241-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6196-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4660-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5184-243-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5168-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6460-251-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\I:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\J:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\N:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\P:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\T:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\W:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\A:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\B:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\K:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\L:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\M:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\S:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\V:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\X:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\E:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\H:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\R:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\U:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\O:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\xxx [bangbus] ash (Samantha,Ashley).avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish gang bang full movie 40+ .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\african fetish voyeur feet 40+ .mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\spanish nude cum [bangbus] sweet (Britney).avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\french cum beast hot (!) .rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\canadian horse catfight glans 40+ .mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black beast cumshot uncut leather (Sylvia,Sonja).rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\indian porn voyeur legs sweet .mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\chinese porn hidden (Curtney,Ashley).zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beastiality big boobs 50+ (Sylvia).mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\german beastiality fucking hidden .zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\fetish sleeping legs Ôï (Liz).rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\canadian nude lingerie [bangbus] .zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian blowjob xxx several models 50+ (Gina).zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\norwegian trambling girls .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\kicking voyeur ejaculation .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\blowjob action several models .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\bukkake fetish big granny .zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish handjob hardcore [free] beautyfull .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\fucking blowjob sleeping YEâPSè& .rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black lesbian animal masturbation blondie .zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\malaysia handjob public (Sandy,Christine).zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\canadian nude animal girls .zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\kicking lesbian high heels .zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\swedish horse fucking catfight feet latex .mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american blowjob hardcore public .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\bukkake handjob uncut titts fishy (Sarah).mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\cum hardcore hot (!) .mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beastiality nude public feet (Ashley,Karin).rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\hardcore big sm (Jenna).mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\canadian gang bang [milf] .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\black porn nude big .zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\chinese bukkake lingerie lesbian .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\french cumshot cum [bangbus] ash .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\kicking gay masturbation stockings .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\norwegian sperm horse girls bedroom (Kathrin,Gina).zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\indian lesbian handjob several models (Sylvia,Sylvia).avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\indian fetish gay uncut boobs 50+ .rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish beast lingerie public (Curtney,Janette).mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\french lesbian horse sleeping pregnant (Christine).rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\gang bang fetish girls castration .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\beast action sleeping beautyfull (Britney,Liz).mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\swedish bukkake girls vagina shoes .rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\handjob blowjob [milf] (Christine,Kathrin).rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\trambling fucking hidden .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\asian xxx xxx catfight 40+ .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\french hardcore sperm licking hole .zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\canadian beast hidden shoes .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\action [milf] hole leather .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\indian fetish [milf] circumcision .zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\german xxx lesbian gorgeoushorny .mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\tyrkish cumshot hot (!) glans Ôï .mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\fucking blowjob licking lady .mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\tyrkish fetish cum licking shoes .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\chinese horse big boobs redhair .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\swedish lingerie fucking masturbation sweet (Sarah,Jade).mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\spanish blowjob horse full movie bedroom (Kathrin,Ashley).mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\cumshot gay big high heels .rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\danish fetish sperm catfight upskirt .mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\french nude hot (!) castration (Sonja,Jenna).mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\canadian hardcore several models balls .mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\german beast horse [bangbus] stockings (Janette,Kathrin).zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\beast [milf] vagina .mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\hardcore [milf] nipples girly (Britney).zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\animal lesbian (Jenna).rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\african cumshot uncut shower (Jade,Janette).zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\blowjob fetish voyeur high heels .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\beast several models stockings .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\tyrkish fetish hot (!) hole redhair .mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\italian beastiality hardcore girls (Karin).mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\gang bang lesbian high heels .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\swedish nude hidden YEâPSè& (Samantha).rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\african hardcore [milf] leather .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\handjob uncut (Melissa).mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\animal full movie .zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\fucking masturbation leather (Jade,Ashley).zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\action porn [milf] 50+ .zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\norwegian cumshot beast [free] .rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx full movie .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\gang bang horse big cock granny .rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\swedish sperm bukkake full movie .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\italian nude full movie penetration .rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\tyrkish fucking bukkake public circumcision (Sonja,Sonja).mpeg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\german fetish girls .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian horse [milf] boots .rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\british hardcore hidden titts leather (Sonja).rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\horse lesbian hidden .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\lesbian animal public cock penetration .rar.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\canadian cum cumshot catfight (Britney,Jenna).zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\animal catfight feet leather .mpg.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\xxx fetish voyeur .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\malaysia sperm horse public 40+ (Sonja).zip.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\animal sleeping penetration .avi.exe	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
232	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
232	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
3964	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
3964	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
3200	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
3200	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
2868	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
2868	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4360	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4360	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4424	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4424	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
1056	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
1056	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
2456	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
2456	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4864	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4864	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4788	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4788	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
232	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
232	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
1016	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
1016	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
3964	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
3964	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
3200	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
3200	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
3652	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
3652	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 2612	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	88
PID 4392 wrote to memory of 2612	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	88
PID 4392 wrote to memory of 2612	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	88
PID 4392 wrote to memory of 1968	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	91
PID 4392 wrote to memory of 1968	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	91
PID 4392 wrote to memory of 1968	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	91
PID 2612 wrote to memory of 636	2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	92
PID 2612 wrote to memory of 636	2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	92
PID 2612 wrote to memory of 636	2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	92
PID 2612 wrote to memory of 232	2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	95
PID 2612 wrote to memory of 232	2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	95
PID 2612 wrote to memory of 232	2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	95
PID 636 wrote to memory of 3964	636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	96
PID 636 wrote to memory of 3964	636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	96
PID 636 wrote to memory of 3964	636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	96
PID 4392 wrote to memory of 1272	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	97
PID 4392 wrote to memory of 1272	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	97
PID 4392 wrote to memory of 1272	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	97
PID 1968 wrote to memory of 3200	1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	98
PID 1968 wrote to memory of 3200	1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	98
PID 1968 wrote to memory of 3200	1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	98
PID 4392 wrote to memory of 2868	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	100
PID 4392 wrote to memory of 2868	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	100
PID 4392 wrote to memory of 2868	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	100
PID 636 wrote to memory of 4360	636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	101
PID 636 wrote to memory of 4360	636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	101
PID 636 wrote to memory of 4360	636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	101
PID 2612 wrote to memory of 4424	2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	102
PID 2612 wrote to memory of 4424	2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	102
PID 2612 wrote to memory of 4424	2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	102
PID 1968 wrote to memory of 1056	1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	103
PID 1968 wrote to memory of 1056	1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	103
PID 1968 wrote to memory of 1056	1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	103
PID 232 wrote to memory of 4864	232	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	105
PID 232 wrote to memory of 4864	232	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	105
PID 232 wrote to memory of 4864	232	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	105
PID 3964 wrote to memory of 4788	3964	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	106
PID 3964 wrote to memory of 4788	3964	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	106
PID 3964 wrote to memory of 4788	3964	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	106
PID 3200 wrote to memory of 1016	3200	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	107
PID 3200 wrote to memory of 1016	3200	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	107
PID 3200 wrote to memory of 1016	3200	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	107
PID 636 wrote to memory of 4008	636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	108
PID 636 wrote to memory of 4008	636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	108
PID 636 wrote to memory of 4008	636	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	108
PID 4392 wrote to memory of 3652	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	109
PID 4392 wrote to memory of 3652	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	109
PID 4392 wrote to memory of 3652	4392	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	109
PID 2612 wrote to memory of 376	2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	110
PID 2612 wrote to memory of 376	2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	110
PID 2612 wrote to memory of 376	2612	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	110
PID 1968 wrote to memory of 2640	1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	111
PID 1968 wrote to memory of 2640	1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	111
PID 1968 wrote to memory of 2640	1968	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	111
PID 232 wrote to memory of 748	232	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	113
PID 232 wrote to memory of 748	232	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	113
PID 232 wrote to memory of 748	232	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	113
PID 3964 wrote to memory of 4216	3964	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	114
PID 3964 wrote to memory of 4216	3964	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	114
PID 3964 wrote to memory of 4216	3964	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	114
PID 3200 wrote to memory of 836	3200	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	115
PID 3200 wrote to memory of 836	3200	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	115
PID 3200 wrote to memory of 836	3200	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	115
PID 4360 wrote to memory of 4396	4360	dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        8⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        8⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        8⤵
        
        PID:19816
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        8⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        8⤵
        
        PID:19108
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:17524
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:19084
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:15964
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:16060
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:19948
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:19792
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:19808
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:16008
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:17516
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15468
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:16368
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16268
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:15516
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:19896
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:232
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:19936
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:19888
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:19864
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:19752
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15940
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:12932
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:15428
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:13612
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:19800
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15952
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16464
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:17416
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:11524
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:16172
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:10376
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:15856
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:19704
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:11612
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:16180
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:19904
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:8688
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:13128
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:15404
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:19768
- C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1968
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:19784
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        7⤵
        
        PID:16116
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:19736
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:19832
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:16204
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16456
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:836
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:19760
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15920
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:17492
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16260
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:12948
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:15436
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:19920
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:19712
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15900
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16124
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:12080
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:16244
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:19856
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:19728
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:12252
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:19720
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:12552
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:15500
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:9384
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:19928
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:4488
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:19076
- C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  PID:1272
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:19840
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        6⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15868
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15736
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:15556
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:15396
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:19912
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:19744
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:15848
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:10940
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:16140
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:16308
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:9148
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:12820
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:15476
- C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2868
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:11096
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:16100
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
        5⤵
        
        PID:16164
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:11324
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:16148
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:15508
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:19880
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:9196
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:12940
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:15412
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:19776
- C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3652
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:9960
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:19872
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:16028
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:10384
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:15880
- C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
  2⤵
  PID:5532
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
      4⤵
      PID:17444
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:11860
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:16220
- C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
  2⤵
  PID:7040
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:11296
- - C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
    3⤵
    PID:15532
- C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
  2⤵
  PID:9172
- C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
  2⤵
  PID:12784
- C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
  2⤵
  PID:15460
- C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe6a47bcaf4c6ed91a260f401386f70_NeikiAnalytics.exe"
  2⤵
  PID:19824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beastiality nude public feet (Ashley,Karin).rar.exe

Filesize
1.4MB

MD5
8fb1d08b5228d8aaa935cc6a02addf93

SHA1
4d9fcbe456ce6fc6fa76044d8fae6950c150af2f

SHA256
a33c709473f105f031f0b5367c51ba51f74740e6037c49f083b12a3b885438fd

SHA512
38f1849c610c4d900faa4850c87d7a6a6e0c3e64164bb97d1e883b415310e5c64ff7f8b764b1bc9c0d33c2c7262d04b76d856a6a0fcf3eab50d22e66a6c87fbb

Download Submit
memory/232-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/376-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/376-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/636-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/748-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/836-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/836-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1016-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1056-180-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1272-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1968-157-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1968-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2152-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2152-235-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2456-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2456-181-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2612-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2612-87-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2640-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2640-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2836-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2836-220-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2868-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2868-179-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3200-178-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3200-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3636-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3652-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3652-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3964-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4008-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4216-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4360-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4392-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4392-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4392-294-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4392-476-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4392-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4396-233-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4424-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4656-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4656-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4660-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4660-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4788-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4788-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4864-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5168-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5168-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5184-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5184-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5276-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5388-223-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5388-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5408-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5420-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5420-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5432-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5444-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5444-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5460-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5460-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5468-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5476-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5484-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5484-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5492-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5492-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5500-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5500-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5508-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5508-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5516-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5516-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5524-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5532-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5540-234-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5540-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5664-281-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5672-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5672-283-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5680-282-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5680-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6196-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6196-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6276-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6284-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6296-245-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6308-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6320-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6348-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6460-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6572-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6620-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6752-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6760-279-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6768-280-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6980-285-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6992-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download