3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73

Analysis

max time kernel
11s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Size

1.9MB
MD5

195a5ce451e07889730aa5ed64a5d030
SHA1

e21ee756c39f47a3ae3445746ad347dcf09d4fcb
SHA256

3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73
SHA512

636edad0a1c989f2dbdb6008d6e631dcf3d96aafc39aa202c33f3934afaaacff3ad765fb2aeae8b700c2ed740840b90400374e520e39e3250a001e86408b7625
SSDEEP

49152:hIfp89ejJVw9lfuILYotLDqKzPV7vVPY6+z57EIUCUDd4UyD5wr:ufCcjJFr6t75g7up40

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 15 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\I:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\M:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\N:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\S:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\T:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\U:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\A:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\X:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\G:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\H:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\J:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\L:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\B:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\V:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\O:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\P:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\R:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\W:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File opened (read-only)	\??\K:	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish horse blowjob catfight cock .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\blowjob [bangbus] boots .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse hidden (Liz).zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\american animal sperm lesbian sweet .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\gay [free] .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian cumshot lingerie lesbian YEâPSè& .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie masturbation titts young .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\lingerie big girly .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian handjob blowjob hot (!) glans femdom (Tatjana).mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\bukkake hidden feet .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\indian animal lesbian big hotel .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\horse several models cock 40+ (Sarah).mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\brasilian cumshot fucking full movie .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\xxx [bangbus] cock wifey .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian gang bang hardcore licking feet wifey (Samantha).avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\american horse hardcore public (Melissa).zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\beast hidden castration .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\swedish animal xxx uncut titts redhair .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\russian cumshot lingerie hidden traffic .zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\japanese beastiality hardcore [bangbus] glans .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian porn sperm [bangbus] titts .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\tyrkish porn bukkake big feet (Jenna,Samantha).zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian nude blowjob voyeur latex .zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black horse xxx sleeping leather (Britney,Karin).rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\sperm [milf] 50+ (Ashley,Melissa).mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\danish porn fucking hidden boots .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian cum horse lesbian gorgeoushorny .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american animal fucking [milf] redhair .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish nude fucking big gorgeoushorny .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\german sperm catfight cock .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\tyrkish kicking sperm [milf] mature .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\indian action gay lesbian glans sweet .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian horse sperm public titts ejaculation (Karin).zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\bukkake masturbation hole redhair (Tatjana).mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\sperm full movie mature .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\blowjob masturbation cock upskirt .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\danish cumshot fucking girls feet (Christine,Janette).zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\horse big .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\bukkake [bangbus] feet mistress .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\fetish beast catfight hotel (Christine,Sylvia).zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\brasilian nude hardcore licking femdom .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\trambling big titts .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\indian animal blowjob public glans .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\kicking fucking public boots .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\indian horse hardcore [free] (Samantha).mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\brasilian cum lesbian public blondie (Sonja,Jade).mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\handjob lesbian several models shower .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\asian sperm hot (!) hole .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\black handjob blowjob hot (!) glans .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\danish horse bukkake [free] titts .zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\british trambling big hole bedroom (Tatjana).avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx public feet shoes .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\american handjob xxx uncut .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\british horse big (Sarah).mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\chinese sperm lesbian hole bondage (Karin).zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\american cumshot lingerie sleeping titts .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\japanese animal hardcore sleeping glans .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\chinese xxx masturbation hole .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\brasilian beastiality hardcore uncut wifey (Kathrin,Liz).avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm catfight glans bondage .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\horse big hole .zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\italian animal lingerie uncut (Janette).rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\italian cum hardcore public sm .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\american cumshot hardcore [free] leather .zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\american fetish horse full movie .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american cumshot sperm big .zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\danish fetish gay [milf] traffic .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\black animal xxx several models upskirt .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\brasilian fetish bukkake voyeur .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\beast girls pregnant .zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\cum bukkake [milf] titts swallow .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\german trambling uncut titts .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\horse hidden ejaculation .mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\fucking sleeping cock traffic .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\bukkake public .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\trambling hidden upskirt (Anniston,Jade).mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\bukkake public cock leather (Samantha).mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\horse hot (!) shower .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\american action blowjob big feet balls (Karin).avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american kicking bukkake [bangbus] penetration .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\danish porn beast sleeping .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\chinese gay uncut titts girly (Samantha).avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\french horse voyeur stockings .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\indian cumshot fucking [free] YEâPSè& .zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\danish beastiality hardcore full movie .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\african fucking big feet hairy .rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish gang bang lingerie catfight (Curtney).mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\tyrkish cum horse licking penetration .zip.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\brasilian cumshot fucking [free] .avi.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\fetish gay several models (Tatjana).rar.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\swedish kicking blowjob licking cock .mpg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\asian fucking masturbation titts bondage (Liz).mpeg.exe	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2164	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2164	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
1316	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
1316	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
5068	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
5068	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
5020	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
5020	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
5012	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
5012	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2164	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2164	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
244	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
244	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
4920	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
4920	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
1316	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
1316	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
4696	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
4696	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
4560	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
4560	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3988	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3988	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
5068	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
5068	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2616	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2616	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2164	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
2164	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3880	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3880	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
5020	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
5020	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3304	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
3304	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
5012	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
5012	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 3112	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	80
PID 2176 wrote to memory of 3112	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	80
PID 2176 wrote to memory of 3112	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	80
PID 3112 wrote to memory of 2164	3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	81
PID 3112 wrote to memory of 2164	3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	81
PID 3112 wrote to memory of 2164	3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	81
PID 2176 wrote to memory of 3784	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	82
PID 2176 wrote to memory of 3784	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	82
PID 2176 wrote to memory of 3784	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	82
PID 3784 wrote to memory of 1316	3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	83
PID 3784 wrote to memory of 1316	3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	83
PID 3784 wrote to memory of 1316	3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	83
PID 2164 wrote to memory of 5068	2164	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	84
PID 2164 wrote to memory of 5068	2164	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	84
PID 2164 wrote to memory of 5068	2164	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	84
PID 2176 wrote to memory of 5020	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	85
PID 2176 wrote to memory of 5020	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	85
PID 2176 wrote to memory of 5020	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	85
PID 3112 wrote to memory of 5012	3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	86
PID 3112 wrote to memory of 5012	3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	86
PID 3112 wrote to memory of 5012	3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	86
PID 3784 wrote to memory of 244	3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	88
PID 3784 wrote to memory of 244	3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	88
PID 3784 wrote to memory of 244	3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	88
PID 1316 wrote to memory of 4920	1316	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	87
PID 1316 wrote to memory of 4920	1316	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	87
PID 1316 wrote to memory of 4920	1316	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	87
PID 5068 wrote to memory of 4696	5068	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	89
PID 5068 wrote to memory of 4696	5068	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	89
PID 5068 wrote to memory of 4696	5068	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	89
PID 2176 wrote to memory of 4560	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	91
PID 2176 wrote to memory of 4560	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	91
PID 2176 wrote to memory of 4560	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	91
PID 3112 wrote to memory of 3988	3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	92
PID 3112 wrote to memory of 3988	3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	92
PID 3112 wrote to memory of 3988	3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	92
PID 2164 wrote to memory of 2616	2164	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	90
PID 2164 wrote to memory of 2616	2164	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	90
PID 2164 wrote to memory of 2616	2164	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	90
PID 5020 wrote to memory of 3880	5020	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	93
PID 5020 wrote to memory of 3880	5020	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	93
PID 5020 wrote to memory of 3880	5020	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	93
PID 5012 wrote to memory of 3304	5012	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	94
PID 5012 wrote to memory of 3304	5012	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	94
PID 5012 wrote to memory of 3304	5012	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	94
PID 1316 wrote to memory of 2608	1316	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	95
PID 1316 wrote to memory of 2608	1316	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	95
PID 1316 wrote to memory of 2608	1316	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	95
PID 3784 wrote to memory of 516	3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	96
PID 3784 wrote to memory of 516	3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	96
PID 3784 wrote to memory of 516	3784	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	96
PID 244 wrote to memory of 5040	244	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	97
PID 244 wrote to memory of 5040	244	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	97
PID 244 wrote to memory of 5040	244	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	97
PID 4920 wrote to memory of 2908	4920	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	98
PID 4920 wrote to memory of 2908	4920	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	98
PID 4920 wrote to memory of 2908	4920	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	98
PID 5068 wrote to memory of 3652	5068	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	99
PID 5068 wrote to memory of 3652	5068	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	99
PID 5068 wrote to memory of 3652	5068	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	99
PID 3112 wrote to memory of 2992	3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	100
PID 3112 wrote to memory of 2992	3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	100
PID 3112 wrote to memory of 2992	3112	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	100
PID 2176 wrote to memory of 1604	2176	3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe	101

C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3112
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        8⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        9⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        8⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        8⤵
        
        PID:19368
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        8⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        8⤵
        
        PID:17696
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        8⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        8⤵
        
        PID:19516
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:17524
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:20436
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:19460
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:16572
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:19044
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:21912
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:18828
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        8⤵
        
        PID:21824
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:20996
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:15508
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:9948
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:17464
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:21648
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:20128
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:16856
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:20684
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:20428
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:19064
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:11468
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:16864
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        8⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:18840
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:17876
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:21688
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:19016
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:19864
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:17868
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:14792
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:20892
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:20748
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:9468
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:18904
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:20988
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:19724
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:17860
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:12452
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:11936
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:3408
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:19468
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:16848
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:16356
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:15768
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:10572
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:15472
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:20620
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:10816
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:15604
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:12848
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:18132
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:18088
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:11008
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:16024
- C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3784
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        8⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:18856
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:17988
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:20980
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:20188
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:18916
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:21056
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:20416
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:17544
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:19072
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:19280
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:17572
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:16300
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:244
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:18848
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:17588
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:15792
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:21832
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:14696
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:20612
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:19924
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:16840
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:516
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:512
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:17280
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:17720
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:17580
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:16016
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:21696
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:15480
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:10432
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:13812
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:2232
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:1440
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:11048
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:16108
- C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5020
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:21848
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:18484
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:17712
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:16492
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:18820
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:18492
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:11476
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:16920
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:19792
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:17652
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:15776
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:20900
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:14012
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:19716
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:18148
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:17604
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:10904
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:15808
- C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        6⤵
        
        PID:20740
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:14348
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:11848
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:14820
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:20756
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:8504
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:16832
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:20696
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:16928
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:17852
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:6744
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:11460
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:16608
- C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
  2⤵
  PID:1604
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
        5⤵
        
        PID:20844
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:13956
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:6316
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:17824
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:18104
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:10952
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:15832
- C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
  2⤵
  PID:4780
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:7596
  - - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
      4⤵
      PID:15412
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:12160
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:21856
- C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
  2⤵
  PID:6116
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:14464
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:13532
- C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
  2⤵
  PID:9028
- - C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
    3⤵
    PID:8392
- C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
  2⤵
  PID:12236
- C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8d33419b188a3b0c904efe5acdb8dfb3f45ad82e59cbb0f86a478671054a73_NeikiAnalytics.exe"
  2⤵
  PID:18096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian nude blowjob voyeur latex .zip.exe

Filesize
1.4MB

MD5
74f3d77e124efd7f3eb48ebf4a91fd66

SHA1
3a115d54d9709188a6f83c6b27ae66ca6f3063d1

SHA256
50eca6ca1b2797cde27e688dee31f41b6bfdb845c591348aee43c2f0aba84bc4

SHA512
3cd6fec0a8844a0738bf8a24e1c5ba9d3a936b13e3f80b5de9e1bd5cd9aafe7de58c6256613db6ff185fd549445226ae3bfc385cc4d97b2962ff207b6a56bae6

Download Submit
C:\debug.txt

Filesize
146B

MD5
5c2b30897935ad5524d9246b53883bab

SHA1
aeacf321e5c397db4a33a28840a6a01fc69fbef3

SHA256
a73c95857faea97daf15331075a21f3eb36c0e25d44d932a18e1ee5e2d68106b

SHA512
69e93bcb53d6a0a9d660e0d503c792145e8f875ddc5c605c5fd8189609bcf95ba8608ab0a972fcfe16d749707f487745436d7e4f520d2597226e61fdb49442db

Download Submit