572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86

Analysis

max time kernel
146s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Size

793KB
MD5

ae450fe9e6bbb1b218a0c08c5b025780
SHA1

fd0bc63b51f54da85abc07b774bc339bf855f303
SHA256

572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86
SHA512

ccb035fc654438af5afb4b8a7b6adae39bfbd8278dd60abba41ba4b46e80458a5015857cd42971b532e5daf74fb8989075cd23523cffc2bc5dbd2d3607670344
SSDEEP

12288:A//vi9BrUbY5FjDwP+nlKPB7cCwj0R8TDgkyDZqfbwaL1R0uRFmRhJH:2wrwIDw2n30qTDgka0P1R0uX2LH

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 30 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\S:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\T:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\J:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\K:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\V:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\A:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\H:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\I:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\L:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\M:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\R:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\B:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\E:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\P:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\U:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\W:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\X:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\G:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File opened (read-only)	\??\O:	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\russian cum beast hidden YEâPSè& .zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\norwegian blowjob voyeur .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black cumshot [bangbus] .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\canadian beastiality lesbian several models .rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\african gay voyeur .avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\gay [free] nipples .avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\cumshot [free] .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish fucking horse voyeur traffic .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\german xxx cumshot voyeur (Liz,Karin).rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cum blowjob several models leather .zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\sperm animal lesbian latex (Britney,Sylvia).zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\sperm girls titts (Melissa,Kathrin).mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish beastiality horse licking nipples ejaculation .zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\chinese horse sleeping ash .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\sperm nude uncut ash .avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\italian action beast voyeur hole shower (Gina).mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\indian beast beast full movie Ôï (Sylvia,Ashley).mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\beastiality cumshot catfight (Christine,Samantha).mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\fucking bukkake [milf] bondage .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\american gay hot (!) .avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\cumshot porn several models black hairunshaved .rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\chinese cum lesbian [free] blondie .avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian xxx fetish public femdom (Tatjana).mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\sperm animal [milf] traffic .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american xxx sleeping feet high heels .rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\black gang bang xxx voyeur boobs (Ashley,Samantha).mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\lesbian action hidden latex .rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian animal blowjob catfight pregnant (Sarah,Tatjana).avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\german beast public castration (Anniston).mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\malaysia blowjob sleeping boobs fishy .zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\japanese cumshot trambling full movie blondie .zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\spanish sperm [bangbus] .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\norwegian lingerie public (Ashley,Janette).mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\danish porn uncut (Anniston,Jade).avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\cumshot hot (!) gorgeoushorny .avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\blowjob lingerie [milf] .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\italian action [milf] .rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\british lingerie fetish hot (!) redhair (Ashley).rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\chinese nude cum lesbian .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\handjob lesbian granny .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\tyrkish porn porn licking swallow .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\italian porn uncut traffic .zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\nude [bangbus] cock black hairunshaved .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\canadian bukkake hidden leather .avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\american beast several models cock .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\black beast several models boobs mistress .avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\cum sperm catfight (Christine).mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\spanish animal cumshot hot (!) legs .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\handjob horse sleeping (Karin,Kathrin).zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\indian horse hardcore catfight fishy .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\horse sleeping hole granny .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\cumshot nude public shower .rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\norwegian handjob fetish [free] (Kathrin).avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian horse horse uncut high heels .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\canadian beastiality big vagina .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\action fetish public swallow .rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\cum gang bang [milf] stockings .zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\kicking uncut nipples .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\trambling cum public (Melissa).rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\german lingerie kicking [free] boots .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\indian lingerie masturbation ash .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\canadian lingerie porn full movie lady .rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\indian cum licking .rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\british handjob hardcore public .avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\cum trambling licking ash shoes (Ashley).avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\fetish [free] ash mistress .avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\malaysia bukkake voyeur ash shoes .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\african cum voyeur boobs latex (Ashley,Sandy).avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\kicking xxx licking Ôï .avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\fetish voyeur circumcision .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\italian animal girls shoes .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\beast licking .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\norwegian beast lesbian several models swallow .zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\horse kicking big boobs swallow .zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\black hardcore animal catfight .zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\african cum fucking hot (!) mature .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\tyrkish handjob voyeur .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\chinese animal [milf] latex .zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\kicking hot (!) latex .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\cumshot trambling catfight boobs (Sandy).mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\spanish xxx hardcore hidden hotel (Sandy,Kathrin).rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\gang bang lesbian .rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\black bukkake gang bang hidden hairy (Sandy).avi.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\malaysia beastiality beastiality uncut swallow .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\chinese lesbian [free] (Christine,Curtney).zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\blowjob catfight nipples ash .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\bukkake sperm public nipples granny .zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\spanish cumshot catfight blondie .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\russian bukkake sleeping boobs (Karin,Britney).zip.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\malaysia lingerie lesbian [free] .mpg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\african lingerie cum [free] .rar.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\kicking several models glans shoes .mpeg.exe	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
384	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
384	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
4612	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
4612	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
3000	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
3000	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2712	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2712	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
3204	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
3204	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
4816	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
4816	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
800	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
1300	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
800	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
1300	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
1172	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
1172	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
384	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
384	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
1304	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
1304	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2088	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2088	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
3488	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
3488	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
4612	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
4612	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
3000	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
3000	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2712	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
2712	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
4964	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
4964	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 2196	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	81
PID 968 wrote to memory of 2196	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	81
PID 968 wrote to memory of 2196	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	81
PID 968 wrote to memory of 1236	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	82
PID 968 wrote to memory of 1236	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	82
PID 968 wrote to memory of 1236	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	82
PID 2196 wrote to memory of 5100	2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	83
PID 2196 wrote to memory of 5100	2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	83
PID 2196 wrote to memory of 5100	2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	83
PID 2196 wrote to memory of 384	2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	84
PID 2196 wrote to memory of 384	2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	84
PID 2196 wrote to memory of 384	2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	84
PID 968 wrote to memory of 4612	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	85
PID 968 wrote to memory of 4612	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	85
PID 968 wrote to memory of 4612	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	85
PID 1236 wrote to memory of 3000	1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	86
PID 1236 wrote to memory of 3000	1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	86
PID 1236 wrote to memory of 3000	1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	86
PID 5100 wrote to memory of 2712	5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	87
PID 5100 wrote to memory of 2712	5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	87
PID 5100 wrote to memory of 2712	5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	87
PID 2196 wrote to memory of 3204	2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	88
PID 2196 wrote to memory of 3204	2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	88
PID 2196 wrote to memory of 3204	2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	88
PID 968 wrote to memory of 4816	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	89
PID 968 wrote to memory of 4816	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	89
PID 968 wrote to memory of 4816	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	89
PID 1236 wrote to memory of 800	1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	90
PID 1236 wrote to memory of 800	1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	90
PID 1236 wrote to memory of 800	1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	90
PID 384 wrote to memory of 1300	384	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	91
PID 384 wrote to memory of 1300	384	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	91
PID 384 wrote to memory of 1300	384	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	91
PID 5100 wrote to memory of 1172	5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	92
PID 5100 wrote to memory of 1172	5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	92
PID 5100 wrote to memory of 1172	5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	92
PID 4612 wrote to memory of 1304	4612	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	93
PID 4612 wrote to memory of 1304	4612	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	93
PID 4612 wrote to memory of 1304	4612	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	93
PID 3000 wrote to memory of 2088	3000	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	94
PID 3000 wrote to memory of 2088	3000	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	94
PID 3000 wrote to memory of 2088	3000	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	94
PID 2712 wrote to memory of 3488	2712	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	95
PID 2712 wrote to memory of 3488	2712	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	95
PID 2712 wrote to memory of 3488	2712	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	95
PID 3204 wrote to memory of 4964	3204	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	96
PID 3204 wrote to memory of 4964	3204	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	96
PID 3204 wrote to memory of 4964	3204	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	96
PID 2196 wrote to memory of 2264	2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	97
PID 2196 wrote to memory of 2264	2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	97
PID 2196 wrote to memory of 2264	2196	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	97
PID 968 wrote to memory of 4364	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	98
PID 968 wrote to memory of 4364	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	98
PID 968 wrote to memory of 4364	968	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	98
PID 384 wrote to memory of 2516	384	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	99
PID 1236 wrote to memory of 4848	1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	100
PID 384 wrote to memory of 2516	384	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	99
PID 384 wrote to memory of 2516	384	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	99
PID 1236 wrote to memory of 4848	1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	100
PID 1236 wrote to memory of 4848	1236	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	100
PID 5100 wrote to memory of 2520	5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	101
PID 5100 wrote to memory of 2520	5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	101
PID 5100 wrote to memory of 2520	5100	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	101
PID 4612 wrote to memory of 3408	4612	572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe	102

C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:968
- C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        Checks computer location settings
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        8⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        8⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        8⤵
        
        PID:18148
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:18248
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:19040
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11872
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:6740
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:384
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:164
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:208
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:18988
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:19200
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:10140
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:11316
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5608
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:18156
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:19192
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5876
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:6516
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:12120
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5880
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:15012
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:7624
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:10192
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:11340
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:5456
- C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1236
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        7⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:18972
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:18964
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:3904
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:800
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:412
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:11620
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:6488
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:18228
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:9316
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:11476
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5676
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:12136
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:3996
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:19184
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:7280
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:9868
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:11612
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:1396
- C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4612
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:11356
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:6316
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:60
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:16376
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:10156
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5700
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:8448
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:11564
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5964
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:9300
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:9348
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:11644
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:6396
- C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        6⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
        5⤵
        
        PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:11276
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:4584
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:11684
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:8252
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:10664
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5732
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:6208
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:9380
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:11252
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:6416
- C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  PID:4364
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:4472
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:5488
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
      4⤵
      PID:18980
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:9436
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:11628
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:8960
- C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
  2⤵
  PID:3940
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:12788
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:6224
- C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
  2⤵
  PID:5196
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:11532
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:2484
- C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
  2⤵
  PID:6804
- - C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
    3⤵
    PID:6632
- C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
  2⤵
  PID:9292
- C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
  2⤵
  PID:11420
- C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\572979902794380c80219877540111fe0710bb2772cfb739e1bfd53c8caddd86_NeikiAnalytics.exe"
  2⤵
  PID:1684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish beastiality horse licking nipples ejaculation .zip.exe

Filesize
1.4MB

MD5
ba61bcfbd793501fbdd263ed4cf13217

SHA1
271d8e5a637c4f164288f2f025c2a9e79ebb4d3f

SHA256
c707e95cf80cb335ecfdb0201e1f2b460cf1380cd05338157b1ace1b89a5530a

SHA512
a6f660a03702d5bb9fb062de852d0d0018539a92f311859d48255c0b6247dd92a48e60bba291f492d0e215d5b671faf730f51efe7adaf5c1a496b2b982b8c525

Download Submit