809ecee1b45f982995eb1f2bd909b7c8e1e8d239fbc48bde760cdd9682ca179d

Analysis

max time kernel
15s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Size

172KB
MD5

6bc8afff4cb223fe4d727e318a6a6120
SHA1

726a563884d3487610233eecc145f4527be36456
SHA256

809ecee1b45f982995eb1f2bd909b7c8e1e8d239fbc48bde760cdd9682ca179d
SHA512

af3ccae5a000270ad3f3ba3a701f7d11fbce247da51b1c687fc8e94f2dae547d6621a37bba2739c328d896d40e96bb91bcfa9c002d19ce11d722fbd5a5b45a69
SSDEEP

3072:oGqIGRpTa9p1om9PW/pqqsFUCN3R9MI+IrJAdmjVSZ6qmBAWddvCgDYWikuVQApS:oGHGRpO9p1om9+xs3NBBradm50muWDvx

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\M:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\N:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\P:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\E:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\I:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\J:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\L:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\R:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\V:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\A:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\O:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\U:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\W:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\K:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\G:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\S:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\T:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\X:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File opened (read-only)	\??\B:	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\danish animal fucking girls .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\kicking horse full movie .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\beast big glans .zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish beastiality lesbian full movie shoes .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\trambling voyeur hole .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\danish animal beast full movie hole .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian porn fucking several models .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay [free] (Jade).mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx lesbian .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\sperm sleeping cock sm .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore [milf] feet bedroom .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish cumshot sperm voyeur .mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\hardcore girls girly .mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish nude xxx big cock upskirt (Karin).rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\italian fetish xxx voyeur .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\gang bang bukkake [bangbus] glans .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\trambling [milf] hole pregnant .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fetish gay [bangbus] hole 50+ .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\russian cumshot fucking uncut redhair .mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\fucking masturbation feet young .mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\italian animal sperm uncut cock 50+ (Samantha).zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\xxx [free] glans boots .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish gang bang bukkake several models ash .zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian cumshot bukkake public hole wifey .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\blowjob big hole sweet (Liz).avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\russian animal trambling lesbian glans castration (Sylvia).rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\black fetish hardcore [milf] .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian kicking sperm licking titts YEâPSè& (Liz).avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian cumshot gay licking hotel .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\sperm sleeping gorgeoushorny (Britney,Karin).rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\temp\cumshot lingerie public penetration .zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\malaysia sperm voyeur hole leather .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\asian blowjob big swallow .mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\security\templates\american cum bukkake girls hairy .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\japanese nude lingerie hidden feet .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\tyrkish nude blowjob full movie .zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\trambling full movie balls .mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\russian gang bang horse sleeping cock wifey .mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\swedish gang bang lesbian lesbian glans .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\african bukkake catfight mature .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\chinese bukkake hidden shoes .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\chinese trambling hot (!) latex .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\tyrkish gang bang trambling voyeur traffic (Sandy,Sylvia).mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black handjob fucking uncut cock (Anniston,Karin).mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\gay several models hotel .mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\danish gang bang gay girls cock .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\fucking catfight hole leather (Karin).zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian cum gay hot (!) feet (Sonja,Janette).mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\fucking masturbation .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\lingerie licking titts fishy (Janette).avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\canadian trambling several models .zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\nude beast licking high heels .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\handjob blowjob [milf] 50+ .mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\gang bang blowjob catfight (Liz).mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\swedish cum fucking masturbation .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\african fucking lesbian wifey .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\french lesbian hidden shower (Sandy,Sylvia).zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\norwegian sperm sleeping upskirt .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\danish nude fucking [free] mistress .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\american nude lesbian public latex .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\indian nude fucking girls young .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\swedish horse trambling several models feet bedroom (Samantha).rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\japanese beastiality sperm sleeping feet young (Jade).rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\horse voyeur ¼ë .zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\brasilian animal bukkake catfight cock gorgeoushorny (Sarah).mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\tyrkish beastiality trambling licking lady .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\horse public pregnant .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\asian bukkake catfight titts .zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\chinese beast voyeur ejaculation .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\lesbian public bondage .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\asian xxx several models titts circumcision .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\german lesbian hot (!) .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\asian bukkake big 40+ .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\black beastiality horse [milf] titts shower (Melissa).mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\swedish animal fucking hidden pregnant (Christine,Melissa).zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\action bukkake [milf] (Sylvia).mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\fucking hot (!) shoes .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\xxx public (Tatjana).mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\fucking masturbation .avi.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\black kicking beast licking shower .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\porn lesbian hot (!) cock upskirt .mpeg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\trambling [free] swallow (Sonja,Tatjana).rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\beast uncut high heels .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\indian horse blowjob lesbian cock swallow (Curtney).mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\chinese blowjob hot (!) latex .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\blowjob voyeur cock .mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse big .zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish cum lesbian lesbian .mpg.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\american beastiality trambling [bangbus] hairy .rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\malaysia blowjob full movie lady .zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\xxx sleeping fishy .zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian fetish bukkake big (Samantha).rar.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\african bukkake big (Liz).zip.exe	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
464	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
464	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
5036	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
5036	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
1940	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
1940	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3516	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3516	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3012	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3012	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3380	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3380	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
2652	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
2652	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
464	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
464	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
2240	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
2240	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3080	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3340	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3340	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3080	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
5036	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
5036	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4656	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
4656	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
1648	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
1648	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3516	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
3516	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
1940	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
1940	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 4432	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	86
PID 4804 wrote to memory of 4432	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	86
PID 4804 wrote to memory of 4432	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	86
PID 4432 wrote to memory of 2172	4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	89
PID 4432 wrote to memory of 2172	4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	89
PID 4432 wrote to memory of 2172	4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	89
PID 4804 wrote to memory of 3500	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	90
PID 4804 wrote to memory of 3500	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	90
PID 4804 wrote to memory of 3500	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	90
PID 2172 wrote to memory of 464	2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	93
PID 2172 wrote to memory of 464	2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	93
PID 2172 wrote to memory of 464	2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	93
PID 4432 wrote to memory of 5036	4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	94
PID 4432 wrote to memory of 5036	4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	94
PID 4432 wrote to memory of 5036	4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	94
PID 4804 wrote to memory of 1940	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	95
PID 4804 wrote to memory of 1940	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	95
PID 4804 wrote to memory of 1940	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	95
PID 3500 wrote to memory of 3516	3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	96
PID 3500 wrote to memory of 3516	3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	96
PID 3500 wrote to memory of 3516	3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	96
PID 2172 wrote to memory of 3012	2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	98
PID 2172 wrote to memory of 3012	2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	98
PID 2172 wrote to memory of 3012	2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	98
PID 4432 wrote to memory of 3380	4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	100
PID 4432 wrote to memory of 3380	4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	100
PID 4432 wrote to memory of 3380	4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	100
PID 464 wrote to memory of 2652	464	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	99
PID 464 wrote to memory of 2652	464	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	99
PID 464 wrote to memory of 2652	464	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	99
PID 5036 wrote to memory of 2240	5036	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	101
PID 5036 wrote to memory of 2240	5036	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	101
PID 5036 wrote to memory of 2240	5036	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	101
PID 4804 wrote to memory of 3340	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	102
PID 4804 wrote to memory of 3340	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	102
PID 4804 wrote to memory of 3340	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	102
PID 3500 wrote to memory of 3080	3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	103
PID 3500 wrote to memory of 3080	3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	103
PID 3500 wrote to memory of 3080	3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	103
PID 3516 wrote to memory of 4656	3516	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	105
PID 3516 wrote to memory of 4656	3516	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	105
PID 3516 wrote to memory of 4656	3516	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	105
PID 1940 wrote to memory of 1648	1940	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	104
PID 1940 wrote to memory of 1648	1940	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	104
PID 1940 wrote to memory of 1648	1940	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	104
PID 2172 wrote to memory of 3700	2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	106
PID 2172 wrote to memory of 3700	2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	106
PID 2172 wrote to memory of 3700	2172	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	106
PID 4432 wrote to memory of 3388	4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	108
PID 4432 wrote to memory of 3388	4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	108
PID 4432 wrote to memory of 3388	4432	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	108
PID 464 wrote to memory of 1488	464	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	107
PID 464 wrote to memory of 1488	464	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	107
PID 464 wrote to memory of 1488	464	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	107
PID 5036 wrote to memory of 2760	5036	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	110
PID 5036 wrote to memory of 2760	5036	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	110
PID 5036 wrote to memory of 2760	5036	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	110
PID 3380 wrote to memory of 2176	3380	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	109
PID 3380 wrote to memory of 2176	3380	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	109
PID 3380 wrote to memory of 2176	3380	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	109
PID 4804 wrote to memory of 4004	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	111
PID 4804 wrote to memory of 4004	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	111
PID 4804 wrote to memory of 4004	4804	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	111
PID 3500 wrote to memory of 3452	3500	6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe	112

C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4432
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:464
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        8⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        8⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        9⤵
        
        PID:17560
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        8⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        8⤵
        
        PID:18680
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        8⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        8⤵
        
        PID:21412
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18752
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:17704
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18172
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:388
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18144
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18920
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18004
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18260
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18968
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:400
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18960
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:10608
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18720
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:18104
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:1460
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        8⤵
        
        PID:18268
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18596
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18604
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18012
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18976
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18992
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:18096
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:4968
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18580
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18952
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:18052
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:1340
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18688
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:13576
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:4320
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:19828
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:11072
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:5140
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:18232
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:15336
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:19656
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:11996
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:18664
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:5924
- C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3500
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        8⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18704
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18588
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18696
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:15292
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:20796
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18040
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18528
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18224
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18984
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:18760
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:18128
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:2168
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18444
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:19648
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18736
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18744
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:8536
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:11916
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:18136
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:1920
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:17712
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:18936
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:5384
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:19632
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:18380
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:4832
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:18672
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:9832
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:13400
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:15284
- C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1940
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18944
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        7⤵
        
        PID:18088
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:9760
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:17344
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:3556
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18928
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:15316
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:1692
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:18080
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:10504
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:7780
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:9776
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:13128
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:18712
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:4724
- C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        6⤵
        
        PID:18020
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:2804
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:18612
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:640
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:19640
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:10224
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:13948
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:5032
- C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
  2⤵
  PID:4004
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:18768
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
        5⤵
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:15356
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:1464
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:10060
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:13968
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:15252
- C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
  2⤵
  PID:5344
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:18912
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:11048
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:5144
- C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
  2⤵
  PID:6596
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
      4⤵
      PID:18180
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:10596
- C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
  2⤵
  PID:8596
- C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
  2⤵
  PID:12160
- - C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
    3⤵
    PID:18728
- C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6bc8afff4cb223fe4d727e318a6a6120_NeikiAnalytics.exe"
  2⤵
  PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish gang bang bukkake several models ash .zip.exe

Filesize
777KB

MD5
7c264cda0b6c346b37eab431e4d2b397

SHA1
946e851c49f72e40f90c18460a4467fa16c2616f

SHA256
93c6941f42de6abfcb3be856dcf050c1d63051d93d6136e581aa3d3d7ce3390e

SHA512
fd00e801824d34fd594e1234dbc28efd6122750fc22b6a0a2ff37769cf047e1024808bc12a6b44154765e4c2678acd4f4cba4e723eed04cfaeeeee005d0c4409

Download Submit