490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156

Analysis

max time kernel
16s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 08:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Size

1.4MB
MD5

8af00c79c5fbd11d9cb3ed0264c43610
SHA1

c5bd7f5e695946dcad1747469881c328180b0374
SHA256

490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156
SHA512

f36449c7bcf3b6e6e5db5a3caea5e71b01f2210b0397016dd436aeb15bb182fae70efeac664bf72fc2a492e3b3a9412e61509ae82382a3b739249a529f364969
SSDEEP

24576:2wVX7kwr8SMMy5BhSUgJEXzQL6v3B8AEwZd44JsGPSElKt3pHVqPC4:hVX7kwrjyzhSUg+XzQLO3BJEzuLXMt36

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\T:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\X:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\A:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\L:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\R:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\K:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\M:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\B:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\G:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\J:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\H:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\U:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\V:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\O:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\P:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\W:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\E:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\I:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File opened (read-only)	\??\N:	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian fetish fucking public glans femdom .mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish animal lesbian uncut .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish gang bang gay [free] shoes .mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian cumshot fucking uncut cock pregnant (Tatjana).mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish nude beast [bangbus] cock .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian fetish fucking full movie hole .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gay licking glans high heels .rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black action lesbian hidden castration .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black action sperm several models cock hairy .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish beastiality horse hidden black hairunshaved .rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\japanese gang bang gay [free] shoes .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\brasilian cumshot hardcore catfight hole shower .mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\indian handjob beast full movie titts latex .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\blowjob hidden swallow (Christine,Sylvia).mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian gang bang horse [milf] glans hairy .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\blowjob voyeur feet .avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\trambling uncut redhair .mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\black handjob lesbian licking glans upskirt (Sylvia).mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\bukkake [free] mature .rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\indian action beast masturbation cock sweet .mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\indian animal xxx big (Curtney).mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm hot (!) glans (Jenna,Liz).rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\hardcore girls cock .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\bukkake hot (!) glans (Britney,Sylvia).mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\horse hidden cock beautyfull .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\danish kicking beast uncut beautyfull .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\swedish horse horse lesbian cock shoes .mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\tyrkish cumshot trambling several models pregnant .rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\japanese nude beast sleeping black hairunshaved .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\indian fetish blowjob sleeping upskirt .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\cumshot fucking sleeping cock girly (Sarah).zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\sperm hot (!) cock .mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\norwegian horse several models (Sarah).avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\cumshot xxx masturbation blondie .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\swedish nude blowjob big feet YEâPSè& .avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\gay hidden beautyfull .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\black fetish fucking big granny .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\asian horse big feet (Sonja,Karin).mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\canadian hardcore [milf] titts (Ashley,Liz).zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\lesbian girls shower (Christine,Tatjana).zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\handjob blowjob voyeur redhair .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\horse lesbian voyeur stockings .avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\american gang bang xxx voyeur glans leather (Sylvia).rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\french trambling several models upskirt .mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\swedish handjob xxx uncut bedroom (Gina,Karin).rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\sperm masturbation .rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\russian cum hardcore girls .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\canadian lingerie lesbian .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\french xxx licking penetration .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\lesbian voyeur sm (Anniston,Janette).rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\german blowjob full movie hole beautyfull .mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\fucking sleeping feet shoes .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie [free] hole leather .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\tyrkish nude fucking big feet redhair .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\security\templates\japanese beastiality lesbian [free] gorgeoushorny .avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\american porn lingerie uncut titts mature (Karin).rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\lingerie uncut mature (Jenna,Sylvia).rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian nude blowjob public (Sylvia).avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\german bukkake [milf] hole balls .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\black porn fucking public femdom .avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\russian nude bukkake big .avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\beast big titts latex (Janette).avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\chinese hardcore voyeur ejaculation .avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\japanese gang bang gay sleeping feet bedroom .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\lingerie sleeping traffic .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\german lingerie masturbation glans lady (Jade).mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\swedish nude lesbian girls (Jade).mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\sperm girls glans wifey .mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\swedish porn gay full movie glans .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\malaysia lingerie catfight glans ejaculation .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\gay [bangbus] .rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\brasilian fetish lingerie catfight cock .avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\tyrkish porn lesbian full movie feet .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\cumshot fucking [free] titts traffic .avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\hardcore full movie redhair .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\norwegian lingerie sleeping titts mistress .rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\action blowjob public cock balls .mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\black fetish sperm uncut cock fishy .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\gay several models sm .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\german sperm lesbian feet bedroom .rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\american action lesbian full movie cock .avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\fucking girls glans .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\beast big .avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\tyrkish beastiality lesbian licking hairy .mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\spanish fucking full movie hole granny .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\beast public bedroom .avi.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\spanish lingerie uncut (Liz).rar.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\chinese lesbian [free] wifey (Britney,Janette).mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\handjob xxx [milf] (Sylvia).mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\italian cum sperm catfight granny (Sonja,Curtney).mpg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\indian horse blowjob full movie black hairunshaved .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\african lesbian licking lady .zip.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\spanish trambling [free] sweet .mpeg.exe	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1716	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1716	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
2364	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
2364	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1532	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1532	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4000	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4000	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
2968	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
2968	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
384	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
384	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1836	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1836	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1716	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1716	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4212	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4212	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4756	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4532	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4532	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4756	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4736	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4736	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
2364	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
2364	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1532	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1532	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4992	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4992	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4000	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
4000	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1840	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
1840	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 1508	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	81
PID 1408 wrote to memory of 1508	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	81
PID 1408 wrote to memory of 1508	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	81
PID 1508 wrote to memory of 996	1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	82
PID 1508 wrote to memory of 996	1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	82
PID 1508 wrote to memory of 996	1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	82
PID 1408 wrote to memory of 2284	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	83
PID 1408 wrote to memory of 2284	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	83
PID 1408 wrote to memory of 2284	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	83
PID 1408 wrote to memory of 1716	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	84
PID 1408 wrote to memory of 1716	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	84
PID 1408 wrote to memory of 1716	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	84
PID 996 wrote to memory of 2364	996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	85
PID 996 wrote to memory of 2364	996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	85
PID 996 wrote to memory of 2364	996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	85
PID 1508 wrote to memory of 1532	1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	86
PID 1508 wrote to memory of 1532	1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	86
PID 1508 wrote to memory of 1532	1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	86
PID 2284 wrote to memory of 4000	2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	87
PID 2284 wrote to memory of 4000	2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	87
PID 2284 wrote to memory of 4000	2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	87
PID 1716 wrote to memory of 2968	1716	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	88
PID 1716 wrote to memory of 2968	1716	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	88
PID 1716 wrote to memory of 2968	1716	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	88
PID 996 wrote to memory of 384	996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	89
PID 996 wrote to memory of 384	996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	89
PID 996 wrote to memory of 384	996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	89
PID 1408 wrote to memory of 1836	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	90
PID 1408 wrote to memory of 1836	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	90
PID 1408 wrote to memory of 1836	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	90
PID 1508 wrote to memory of 4212	1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	91
PID 1508 wrote to memory of 4212	1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	91
PID 1508 wrote to memory of 4212	1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	91
PID 2284 wrote to memory of 4756	2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	92
PID 2284 wrote to memory of 4756	2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	92
PID 2284 wrote to memory of 4756	2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	92
PID 2364 wrote to memory of 4532	2364	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	93
PID 2364 wrote to memory of 4532	2364	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	93
PID 2364 wrote to memory of 4532	2364	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	93
PID 1532 wrote to memory of 4736	1532	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	94
PID 1532 wrote to memory of 4736	1532	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	94
PID 1532 wrote to memory of 4736	1532	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	94
PID 4000 wrote to memory of 4992	4000	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	95
PID 4000 wrote to memory of 4992	4000	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	95
PID 4000 wrote to memory of 4992	4000	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	95
PID 2968 wrote to memory of 3720	2968	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	96
PID 2968 wrote to memory of 3720	2968	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	96
PID 2968 wrote to memory of 3720	2968	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	96
PID 996 wrote to memory of 1840	996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	97
PID 996 wrote to memory of 1840	996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	97
PID 996 wrote to memory of 1840	996	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	97
PID 1408 wrote to memory of 4848	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	98
PID 1408 wrote to memory of 4848	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	98
PID 1408 wrote to memory of 4848	1408	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	98
PID 1716 wrote to memory of 2564	1716	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	99
PID 1716 wrote to memory of 2564	1716	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	99
PID 1716 wrote to memory of 2564	1716	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	99
PID 1508 wrote to memory of 4016	1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	100
PID 1508 wrote to memory of 4016	1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	100
PID 1508 wrote to memory of 4016	1508	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	100
PID 2364 wrote to memory of 376	2364	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	101
PID 2364 wrote to memory of 376	2364	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	101
PID 2364 wrote to memory of 376	2364	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	101
PID 2284 wrote to memory of 3776	2284	490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe	102

C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1508
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:996
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        8⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        9⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        8⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        8⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        8⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        8⤵
        
        PID:18132
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:17140
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:17184
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:384
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        8⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:18152
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:17236
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:608
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:220
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:4568
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12456
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:8
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:18144
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12488
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:11964
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:1876
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7500
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:908
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:17364
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:18124
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:11924
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:880
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:12252
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:4440
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:7916
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:12284
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:5196
- C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2284
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:17308
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:18108
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:17316
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:860
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:17388
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:22192
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:17292
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:22168
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:17212
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:1256
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:12116
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:17284
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:17164
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:4708
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:12180
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:11704
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:6184
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:10832
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:16908
- C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        7⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:17296
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:428
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:17404
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:18092
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:5976
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:21064
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:12424
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:1588
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:11956
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:444
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:17380
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:18100
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:12296
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:17228
- C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1836
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:856
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:3144
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:5676
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:10768
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:1196
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:22176
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:11892
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:17084
- C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
  2⤵
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
        5⤵
        
        PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:12520
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:17332
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:6856
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:9560
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:13600
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:17252
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:12060
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:544
- C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
  2⤵
  PID:1968
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
      4⤵
      PID:16840
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:12320
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:4408
- C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
  2⤵
  PID:5956
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:12432
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:4816
- C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
  2⤵
  PID:8636
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:6140
- - C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
    3⤵
    PID:22184
- C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
  2⤵
  PID:12188
- C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\490d9f673ed03a0796cccd373717a6b0a0d26155d7d7005f5179f03e7863f156_NeikiAnalytics.exe"
  2⤵
  PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian gang bang horse [milf] glans hairy .mpg.exe

Filesize
1.5MB

MD5
51f68b9157c73ab4a14a906a2357209d

SHA1
99b310e8d0f16c6249313944fe0930ffa99f4fca

SHA256
7b5679d5e2ad753ec7adba4964786de0586a5c0e957aba5d0cf4ef623706d6c3

SHA512
23001470ca59fffcd1943aa8b7e6bb97772b6c2a7fec0dd2fd814f698e633d046d878feaf4acc955ddbf1d5e5c323ddeea4c242622a67d43e7cd32c0c4621ae2

Download Submit
C:\debug.txt

Filesize
146B

MD5
769120d0b5c92f2eb084ada11d940a3a

SHA1
b08931519bd927fd2c781754cb4034c709ae5c58

SHA256
74784c188a689e7f40c916ceb6cb91252710cafd074c8a2b461837b266a76193

SHA512
258364e833daf82891ef438a756e36604662e4c9c5edd5fb4c8afbb4326a9ab0b351d34d3f3b1deb262b368e785f7e681902e60d9abf50fc4b223766c674a36b

Download Submit