29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5

Analysis

max time kernel
15s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Size

200KB
MD5

6ead6bd201672f25d4e6d89d254d57b0
SHA1

604c6c71aea239a9c68741f6eb647400c3127eca
SHA256

29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5
SHA512

37e58b8364c096684a0614f1848d298ab8398606935fe06460a1da2815939eae5a4c24cb242834db6eb2783be0b82fdfd0f6b505ccb2dc7657a175c91905970b
SSDEEP

6144:A//ICMmDRxs3NBRsVWHOGmjBYpl7mHsd0A0a/EXbA:A//vi9B6VWu9m77mHE0A08obA

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\I:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\K:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\M:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\O:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\P:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\S:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\A:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\G:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\J:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\L:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\R:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\T:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\U:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\V:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\H:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\X:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\W:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\N:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File opened (read-only)	\??\E:	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\gang bang full movie hole mature .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\porn [bangbus] .mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beast gay voyeur black hairunshaved .zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\japanese gay hardcore big stockings .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian beastiality gang bang masturbation titts fishy .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\american beast hot (!) redhair .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish fetish several models mistress .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black hardcore [milf] boobs .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish fetish sleeping bondage .rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\german hardcore big cock .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish bukkake hot (!) (Curtney).mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\cumshot lesbian hole (Sandy,Anniston).avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\black fucking kicking [milf] ash sm .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\horse uncut vagina bondage (Sandy).mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\sperm trambling uncut (Ashley).mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\canadian hardcore gay voyeur young (Ashley,Karin).zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian beast girls penetration (Sandy).rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish cum big glans high heels .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\indian lesbian porn [free] black hairunshaved .rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\lesbian girls .mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\black beast nude uncut legs mature .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\chinese cum fucking public .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\tyrkish horse [bangbus] titts .rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\lesbian catfight boobs black hairunshaved (Sandy,Curtney).zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\indian bukkake hidden vagina bedroom .zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\asian horse action full movie titts .mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american cumshot lingerie full movie cock .rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\handjob handjob lesbian feet boots .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\nude beast uncut .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\swedish bukkake beastiality masturbation bondage .mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\indian porn [free] nipples .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\indian porn voyeur (Curtney,Tatjana).mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\indian sperm [milf] castration .rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\swedish porn voyeur .zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\french action lesbian hole pregnant (Sylvia).mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\beast sleeping titts .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\malaysia animal blowjob [milf] ash .mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\american horse hidden .rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\brasilian handjob cum [bangbus] redhair .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\lingerie beast voyeur young (Ashley).mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\lingerie girls latex .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie girls gorgeoushorny (Tatjana).avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\spanish lesbian horse [bangbus] feet hairy (Liz).rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\indian lingerie [bangbus] girly .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\horse animal hidden .mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\french action beastiality big hotel .zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\american gang bang kicking full movie black hairunshaved (Liz,Tatjana).zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\spanish gang bang catfight granny (Anniston).mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\bukkake blowjob [bangbus] titts pregnant (Anniston,Melissa).avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\malaysia horse [bangbus] latex .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\norwegian trambling masturbation hotel .mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\brasilian sperm porn uncut legs beautyfull .rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\trambling [free] upskirt .zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\cumshot beastiality [free] upskirt .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\handjob horse full movie .zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\asian sperm lesbian full movie cock leather .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\kicking [bangbus] (Janette).mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\black sperm fetish public .rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\spanish fucking bukkake lesbian .mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\handjob xxx [free] ash .rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\danish kicking gang bang uncut nipples 40+ .zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\sperm hardcore uncut young .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\asian lesbian masturbation hairy .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\danish cumshot voyeur .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\black cumshot hot (!) .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\cum uncut bondage .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\bukkake catfight feet granny .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\tyrkish fetish fetish masturbation ash swallow .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\horse girls legs .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\canadian kicking beast hidden titts 50+ .mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\japanese horse beast hot (!) redhair .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\japanese fetish lingerie hidden (Melissa).mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\japanese bukkake several models vagina redhair .rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\american trambling lingerie big .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\spanish beast sleeping lady .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\gang bang beastiality sleeping black hairunshaved (Karin).mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\xxx nude licking boobs (Sandy).rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\danish xxx xxx full movie nipples .avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\hardcore lesbian catfight .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\bukkake licking latex (Ashley,Karin).mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\horse [free] granny (Liz).mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\asian animal xxx full movie balls .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\xxx kicking lesbian (Sonja,Britney).rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\blowjob sperm full movie nipples penetration .mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\african horse sleeping .mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\chinese fucking hot (!) lady (Gina,Karin).mpg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\swedish blowjob fetish voyeur boots (Janette,Anniston).zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\chinese lingerie lesbian hot (!) .zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\japanese cum gang bang big YEâPSè& .mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\gang bang sperm sleeping .zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\african beastiality public boobs mature (Anniston).zip.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\cum sperm masturbation (Christine).avi.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\indian horse beast masturbation wifey (Liz).rar.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\danish beast trambling uncut .mpeg.exe	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4860	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4860	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
2320	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
2320	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
432	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
432	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4264	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4264	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4220	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4220	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4488	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4488	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4860	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4860	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
2680	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
2680	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4120	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4120	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4536	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
688	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4536	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
688	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
2320	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
2320	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4760	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4760	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
1772	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
1772	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
432	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
432	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4264	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4264	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4684	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
4684	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 932	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	85
PID 1904 wrote to memory of 932	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	85
PID 1904 wrote to memory of 932	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	85
PID 1904 wrote to memory of 3604	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	86
PID 1904 wrote to memory of 3604	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	86
PID 1904 wrote to memory of 3604	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	86
PID 932 wrote to memory of 976	932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	87
PID 932 wrote to memory of 976	932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	87
PID 932 wrote to memory of 976	932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	87
PID 976 wrote to memory of 4860	976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	88
PID 976 wrote to memory of 4860	976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	88
PID 976 wrote to memory of 4860	976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	88
PID 932 wrote to memory of 2320	932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	89
PID 932 wrote to memory of 2320	932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	89
PID 932 wrote to memory of 2320	932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	89
PID 1904 wrote to memory of 4264	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	90
PID 1904 wrote to memory of 4264	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	90
PID 1904 wrote to memory of 4264	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	90
PID 3604 wrote to memory of 432	3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	91
PID 3604 wrote to memory of 432	3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	91
PID 3604 wrote to memory of 432	3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	91
PID 3604 wrote to memory of 4488	3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	92
PID 3604 wrote to memory of 4488	3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	92
PID 3604 wrote to memory of 4488	3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	92
PID 932 wrote to memory of 4220	932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	93
PID 932 wrote to memory of 4220	932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	93
PID 932 wrote to memory of 4220	932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	93
PID 2320 wrote to memory of 4536	2320	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	94
PID 2320 wrote to memory of 4536	2320	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	94
PID 2320 wrote to memory of 4536	2320	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	94
PID 4860 wrote to memory of 688	4860	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	95
PID 4860 wrote to memory of 688	4860	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	95
PID 4860 wrote to memory of 688	4860	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	95
PID 976 wrote to memory of 2680	976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	96
PID 976 wrote to memory of 2680	976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	96
PID 976 wrote to memory of 2680	976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	96
PID 1904 wrote to memory of 4120	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	97
PID 1904 wrote to memory of 4120	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	97
PID 1904 wrote to memory of 4120	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	97
PID 432 wrote to memory of 4760	432	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	98
PID 432 wrote to memory of 4760	432	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	98
PID 432 wrote to memory of 4760	432	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	98
PID 4264 wrote to memory of 1772	4264	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	99
PID 4264 wrote to memory of 1772	4264	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	99
PID 4264 wrote to memory of 1772	4264	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	99
PID 3604 wrote to memory of 4684	3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	100
PID 3604 wrote to memory of 4684	3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	100
PID 3604 wrote to memory of 4684	3604	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	100
PID 4860 wrote to memory of 3860	4860	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	101
PID 4860 wrote to memory of 3860	4860	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	101
PID 4860 wrote to memory of 3860	4860	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	101
PID 976 wrote to memory of 4720	976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	102
PID 976 wrote to memory of 4720	976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	102
PID 976 wrote to memory of 4720	976	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	102
PID 932 wrote to memory of 1160	932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	103
PID 932 wrote to memory of 1160	932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	103
PID 932 wrote to memory of 1160	932	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	103
PID 2320 wrote to memory of 4764	2320	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	104
PID 2320 wrote to memory of 4764	2320	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	104
PID 2320 wrote to memory of 4764	2320	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	104
PID 1904 wrote to memory of 3320	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	105
PID 1904 wrote to memory of 3320	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	105
PID 1904 wrote to memory of 3320	1904	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	105
PID 432 wrote to memory of 1492	432	29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe	106

C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:932
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:976
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        8⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        8⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        8⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:14284
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13900
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14228
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13764
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:15924
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:9052
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:14212
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:13956
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10832
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13780
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14112
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14012
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:13620
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:13868
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14556
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:9264
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13812
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10360
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:13612
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:13772
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13560
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:14172
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:15940
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:8776
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:10568
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:13884
- C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3604
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:432
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        7⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13852
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13948
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13876
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:14252
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:13604
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:9140
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14268
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:15908
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:8856
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:13828
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:13752
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:14356
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:8920
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:10400
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:14340
- C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4264
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:13988
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13860
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        6⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:15876
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:14548
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:13788
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14156
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:14308
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:13980
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:7952
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:10792
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:14068
- C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14348
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:8912
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:13720
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
        5⤵
        
        PID:14044
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:14140
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:14028
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:9116
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:11248
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:15852
- C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
  2⤵
  PID:3320
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:14300
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:14020
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:8808
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:10536
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:13844
- C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
  2⤵
  PID:3680
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
      4⤵
      PID:15932
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:10952
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:14180
- C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
  2⤵
  PID:6696
- - C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
    3⤵
    PID:14752
- C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
  2⤵
  PID:8892
- C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
  2⤵
  PID:11016
- C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\29c7584569e9f2b74981537d3a49ef8de56cf685bebf91728f679542c8a917d5_NeikiAnalytics.exe"
  2⤵
  PID:15836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\chinese cum fucking public .mpg.exe

Filesize
340KB

MD5
45fd6e0001cb84bc9866cd56f0a1667c

SHA1
bad9aeb06c9989ae1b24417b92b22f3a9e6f8ec4

SHA256
7fa9c3738e1028c70cc9657050e8f574f99fd409237e6ca3ebc8555a017b0b03

SHA512
dfda3d4571743001cf90dd9b6215a1e2fdb3b6a779f71936e042acb63cd27724bda02fcc6cc05248f1466d24cb81a630b1a383cce28aa5ed675f2656f01e8cd0

Download Submit