4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b

Analysis

max time kernel
148s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 06:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Size

2.0MB
MD5

6d2e3c7b70feac5f4076c5adc9d9b8a0
SHA1

55c388e66d42ba6575bf91d2f33ada63d683f37d
SHA256

4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b
SHA512

aeabac49902f41ee74848c8bbbba19a283c0f08e29928952cc3862b9a1c97f4187d5daa4de3b3303e62f5612d63d0b42093d936b5cfc822297db66a2b9427ef6
SSDEEP

49152:z+EH66L+hdsyPzZ7ZfZODrCNX73N7WURtr8qi+DfE9u78ZK6:HH6G+PFPzZ7ZfZODuNXbN7DYqi+Ds9uw

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\J:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\M:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\S:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\A:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\E:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\T:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\U:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\X:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\G:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\N:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\O:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\V:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\W:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\B:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\I:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\K:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\L:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\P:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File opened (read-only)	\??\R:	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\beast full movie glans hotel .mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american fetish blowjob full movie hole gorgeoushorny (Melissa).rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese kicking horse voyeur .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\russian action lesbian several models (Melissa).mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore catfight .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian beastiality sperm lesbian feet .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish action trambling [milf] (Janette).zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\african blowjob catfight cock wifey .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\hardcore lesbian mistress .avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx several models hole YEâPSè& .avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\asian horse masturbation (Tatjana).zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\fucking licking (Tatjana).mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese nude blowjob girls 40+ .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\swedish cumshot bukkake full movie sweet .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\japanese porn trambling uncut titts .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse [milf] bondage .mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\fucking several models titts granny (Melissa).mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\asian lesbian girls .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\danish handjob hardcore public bedroom .mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\xxx hot (!) .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\american animal blowjob hot (!) titts .mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\sperm big glans .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\bukkake sleeping cock beautyfull (Melissa).mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\beast licking circumcision (Britney,Tatjana).zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\black kicking blowjob [free] (Janette).avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian porn bukkake sleeping mistress .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\swedish beastiality beast [bangbus] circumcision .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\japanese beastiality trambling full movie hole latex .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese horse hardcore several models glans ash (Curtney).mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\italian kicking blowjob catfight .avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\temp\tyrkish cum fucking lesbian cock .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\malaysia hardcore several models (Curtney).mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\fucking full movie (Sarah).mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\action beast masturbation glans Ôï (Sylvia).mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american horse trambling several models bondage .mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\black animal bukkake public hole mistress .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\handjob beast lesbian ejaculation .avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\malaysia trambling public cock .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\sperm full movie glans .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\xxx masturbation balls .mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\swedish nude fucking catfight glans .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\beastiality gay girls YEâPSè& .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\fetish horse hidden cock latex (Liz).rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\swedish kicking fucking voyeur bondage .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\swedish nude lesbian sleeping blondie .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\lesbian voyeur YEâPSè& .avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\malaysia horse big mistress .mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\spanish horse hot (!) .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\tyrkish nude fucking full movie lady .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\italian cum fucking uncut .mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\handjob fucking sleeping hole YEâPSè& .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\asian bukkake licking blondie (Ashley,Sarah).zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\african lingerie hot (!) (Jade).mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\asian lingerie public (Sylvia).mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\animal sperm [free] fishy .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\animal horse hot (!) titts .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\danish cum horse hot (!) hole castration (Melissa).avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\danish cumshot sperm hidden hole .avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\trambling sleeping hole shower .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\hardcore girls hole high heels .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\hardcore licking .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\spanish beast girls (Liz).avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\russian beastiality fucking sleeping femdom (Britney,Curtney).mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american nude beast lesbian feet .avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\lingerie voyeur castration .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\security\templates\indian kicking gay [bangbus] (Liz).mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\italian kicking lesbian masturbation hole mistress (Curtney).avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish gang bang lesbian hidden feet swallow .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\gay hidden swallow .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\swedish action bukkake hot (!) (Sarah).mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\blowjob public feet lady (Sylvia).avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\malaysia lingerie hidden balls .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\spanish horse [bangbus] beautyfull .mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\trambling several models (Jade).zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian horse lesbian [bangbus] (Curtney).mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\spanish hardcore sleeping hole shoes .avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\lingerie catfight feet .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\german hardcore masturbation .mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\cum lingerie masturbation glans upskirt .mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\lingerie licking titts .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian horse bukkake licking granny .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\handjob xxx sleeping .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\british fucking several models hole latex (Karin).mpg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\blowjob full movie titts .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\bukkake full movie wifey .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\swedish porn beast several models cock .zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\black gang bang lesbian licking feet .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\fucking masturbation high heels .mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\swedish beastiality xxx [bangbus] titts .avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\chinese sperm licking YEâPSè& .mpeg.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\indian cum lesbian hot (!) boots .rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\blowjob [free] (Tatjana).rar.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\gay masturbation glans (Sonja,Janette).zip.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\horse uncut titts .avi.exe	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1532	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1532	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3184	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3184	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3300	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3300	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
4652	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
4652	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
2496	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
2496	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
4552	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
4552	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1532	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
2960	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
2960	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1532	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
896	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
896	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
976	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
976	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1172	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1172	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3144	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3144	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3184	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3184	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
4652	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
4652	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3048	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3048	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3300	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
3300	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
2116	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
2116	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 3432	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	81
PID 1972 wrote to memory of 3432	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	81
PID 1972 wrote to memory of 3432	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	81
PID 1972 wrote to memory of 3736	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	82
PID 1972 wrote to memory of 3736	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	82
PID 1972 wrote to memory of 3736	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	82
PID 3432 wrote to memory of 1828	3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	83
PID 3432 wrote to memory of 1828	3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	83
PID 3432 wrote to memory of 1828	3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	83
PID 3736 wrote to memory of 1532	3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	84
PID 3736 wrote to memory of 1532	3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	84
PID 3736 wrote to memory of 1532	3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	84
PID 1972 wrote to memory of 3184	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	85
PID 1972 wrote to memory of 3184	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	85
PID 1972 wrote to memory of 3184	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	85
PID 3432 wrote to memory of 3300	3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	86
PID 3432 wrote to memory of 3300	3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	86
PID 3432 wrote to memory of 3300	3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	86
PID 1828 wrote to memory of 4652	1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	87
PID 1828 wrote to memory of 4652	1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	87
PID 1828 wrote to memory of 4652	1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	87
PID 1532 wrote to memory of 2496	1532	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	88
PID 1532 wrote to memory of 2496	1532	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	88
PID 1532 wrote to memory of 2496	1532	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	88
PID 1972 wrote to memory of 4552	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	89
PID 1972 wrote to memory of 4552	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	89
PID 1972 wrote to memory of 4552	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	89
PID 3736 wrote to memory of 2960	3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	90
PID 3736 wrote to memory of 2960	3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	90
PID 3736 wrote to memory of 2960	3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	90
PID 3432 wrote to memory of 896	3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	91
PID 3432 wrote to memory of 896	3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	91
PID 3432 wrote to memory of 896	3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	91
PID 1828 wrote to memory of 1172	1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	92
PID 1828 wrote to memory of 1172	1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	92
PID 1828 wrote to memory of 1172	1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	92
PID 3184 wrote to memory of 976	3184	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	93
PID 3184 wrote to memory of 976	3184	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	93
PID 3184 wrote to memory of 976	3184	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	93
PID 4652 wrote to memory of 3144	4652	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	94
PID 4652 wrote to memory of 3144	4652	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	94
PID 4652 wrote to memory of 3144	4652	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	94
PID 3300 wrote to memory of 3048	3300	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	95
PID 3300 wrote to memory of 3048	3300	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	95
PID 3300 wrote to memory of 3048	3300	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	95
PID 3736 wrote to memory of 2116	3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	97
PID 3736 wrote to memory of 2116	3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	97
PID 3736 wrote to memory of 2116	3736	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	97
PID 1532 wrote to memory of 3356	1532	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	96
PID 1532 wrote to memory of 3356	1532	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	96
PID 1532 wrote to memory of 3356	1532	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	96
PID 1972 wrote to memory of 4076	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	98
PID 1972 wrote to memory of 4076	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	98
PID 1972 wrote to memory of 4076	1972	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	98
PID 2496 wrote to memory of 1220	2496	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	99
PID 2496 wrote to memory of 1220	2496	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	99
PID 2496 wrote to memory of 1220	2496	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	99
PID 3432 wrote to memory of 348	3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	100
PID 3432 wrote to memory of 348	3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	100
PID 3432 wrote to memory of 348	3432	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	100
PID 1828 wrote to memory of 4512	1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	101
PID 1828 wrote to memory of 4512	1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	101
PID 1828 wrote to memory of 4512	1828	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	101
PID 3184 wrote to memory of 4424	3184	4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe	102

C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3432
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        9⤵
        
        PID:21148
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:19576
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:16208
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:23040
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:22716
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:17496
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:20764
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:19604
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:16676
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:20896
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:16932
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:20676
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:18176
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:20804
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:21860
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:19028
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:20716
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:19008
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:23272
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:21140
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:17488
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:20668
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:18836
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:20748
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:18416
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:18828
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:20904
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:19756
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:16576
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:20652
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:18424
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:19108
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:21808
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:23168
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:16088
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:21508
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:19736
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:20692
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:18444
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:22128
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:21004
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:19080
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:19968
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:13368
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:19976
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:896
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:20644
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:20700
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:18808
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:16964
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:20724
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:17864
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:348
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:19728
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:5092
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:21976
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:12980
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:19400
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:11540
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:16764
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:20684
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:12340
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:18408
- C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3736
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        8⤵
        
        PID:19064
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:17636
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:13064
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:22208
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:20660
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:23052
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:21984
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:20732
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:12740
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:19056
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:21076
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:18820
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:20812
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:20272
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:436
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:23112
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:16356
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:23512
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:18168
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:13088
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:19772
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:17244
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:16772
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:21012
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:21648
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:20204
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:21260
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:21968
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:20304
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:16668
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:11728
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:17044
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:19072
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:17236
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:21288
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:21816
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:19884
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:16536
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:18868
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:11528
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:16688
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:16492
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:8040
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:18184
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:11680
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:16876
- C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3184
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:976
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        7⤵
        
        PID:20912
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:19372
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:20796
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:19588
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:20756
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:12748
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:19272
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:21640
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:19744
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:23220
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:3772
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:17936
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:21948
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:19716
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:17828
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:20740
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:12584
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:19000
- C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        6⤵
        
        PID:21800
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:19612
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:23120
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:2240
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:16560
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:17056
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:16696
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:1944
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:12456
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:18452
- C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
  2⤵
  PID:4076
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
        5⤵
        
        PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:13116
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:19628
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:21632
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:10244
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:15108
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:1692
- C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
  2⤵
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:15048
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:6116
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:9924
  - - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
      4⤵
      PID:10260
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:14580
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:20708
- C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
  2⤵
  PID:6516
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:12032
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:17476
- C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
  2⤵
  PID:9024
- - C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
    3⤵
    PID:13376
- C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
  2⤵
  PID:12936
- C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4883347dd349c25e5961260b16581c04536c3b7474cce1c0db0795f1d718f57b_NeikiAnalytics.exe"
  2⤵
  PID:19620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse [milf] bondage .mpeg.exe

Filesize
1.0MB

MD5
127cb13d8f70d8ff31cb54df58ccaf82

SHA1
1c74e054358eeb0ba24b5a447423439fdec76b88

SHA256
94136553f6f838e924f80b789c0757cccd5f4de8e99041d036d56952d4832bb1

SHA512
3647203ddcc487974006a45369a4c10a03e3b92556fc754979c05e74061eab88648b74c7b677186f3ca9ae8a82c60b02721dedb690adf0f840c515f430bca632

Download Submit