72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba

Analysis

max time kernel
148s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Size

979KB
MD5

93f5c2119a2b227a2d749147436810e0
SHA1

d4550f4afc66f3bb43bed18c9f3d853fecb68ce4
SHA256

72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba
SHA512

b54b46603e055d67b6449c9e50d624b13d7cffa2a7c1aadf64de6c1c84d799f15743d5f19c1dd09eb9e237730ce06f0f24f43fb13fb0f4879e64db8ad9ecdcd7
SSDEEP

24576:sW/DCQ7qht0FFTF7TqCX1tBs5Ku2zh1ZdoBYl:BuWTqClTs5d2zhdoBM

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\R:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\W:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\X:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\B:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\G:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\H:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\J:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\P:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\T:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\U:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\A:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\E:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\K:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\M:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\O:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\S:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\V:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\I:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File opened (read-only)	\??\N:	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish nude bukkake big black hairunshaved .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese cum blowjob uncut fishy .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\bukkake licking castration .mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish horse fucking full movie glans mistress .rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese animal lesbian catfight cock (Gina,Curtney).mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\fucking hidden glans beautyfull (Karin).zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian handjob blowjob girls 50+ .mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese gang bang sperm [bangbus] titts redhair .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish gang bang lingerie big feet swallow .rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\black fetish hardcore hidden bondage .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gay uncut titts 40+ (Sylvia).mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lingerie licking titts leather (Sylvia).rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\russian cumshot hardcore [free] upskirt .avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\fucking [free] titts .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\hardcore public hole shower .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\danish fetish gay public .avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\japanese gang bang gay big feet castration .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\blowjob [bangbus] (Tatjana).avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\russian action lingerie masturbation hole bondage (Melissa).rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\trambling big glans .mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\black handjob xxx [milf] .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\swedish porn fucking uncut glans .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\russian porn blowjob uncut hotel (Jenna,Curtney).mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\lesbian full movie .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black gang bang beast big cock high heels (Jade).mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black handjob gay several models ejaculation .mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\fucking [free] redhair .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\trambling sleeping .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake girls hole beautyfull (Curtney).avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\malaysia hardcore hidden femdom (Christine,Curtney).mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\brasilian porn hardcore [milf] hole .rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\japanese beastiality bukkake several models hairy .avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\trambling girls hairy (Britney,Samantha).rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\chinese gay lesbian glans black hairunshaved .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\malaysia hardcore sleeping mistress .mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\canadian fucking big ejaculation (Gina,Tatjana).mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\lingerie [free] cock .mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\swedish animal beast sleeping hole ash .rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\cum lesbian lesbian hole beautyfull (Tatjana).rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\sperm sleeping hole 50+ .mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\horse hidden glans fishy .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\british fucking hot (!) titts .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\spanish gay big .avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\kicking sperm [free] bedroom .avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\indian cum blowjob [bangbus] glans fishy .avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\japanese horse xxx sleeping 40+ (Anniston,Sarah).mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\swedish action blowjob hidden feet balls (Melissa).zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\canadian fucking girls castration (Jenna,Tatjana).rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\chinese beast several models (Sarah).rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\african horse licking redhair .avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\tyrkish fetish trambling girls hole .mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\security\templates\xxx uncut upskirt .mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\russian porn beast big balls .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\cumshot bukkake uncut cock high heels .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\blowjob [milf] glans .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese gang bang horse sleeping cock gorgeoushorny .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\gay public (Karin).mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\japanese animal hardcore hidden ash .avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\nude bukkake several models glans redhair (Tatjana).zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\xxx several models (Samantha).avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish animal bukkake full movie cock .avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\brasilian fetish fucking voyeur .mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\fetish hardcore voyeur titts granny .rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\xxx [bangbus] .avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\blowjob lesbian glans (Christine,Tatjana).avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\animal sperm public glans redhair (Melissa).mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\beast uncut .avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\swedish kicking gay masturbation cock blondie .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\italian animal lingerie big titts femdom (Karin).rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\gang bang hardcore [bangbus] hairy (Sandy,Sarah).rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\british blowjob hot (!) .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\porn lingerie masturbation swallow .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\french xxx [free] girly .mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\swedish action trambling [milf] glans blondie .rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\blowjob public cock (Sonja,Sylvia).mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\russian cumshot gay [bangbus] .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\british fucking masturbation feet mistress (Melissa).avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\trambling masturbation .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\norwegian fucking lesbian cock .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\british bukkake girls (Janette).avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\tyrkish animal bukkake masturbation feet boots .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\porn fucking public (Sylvia).rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\bukkake girls .avi.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\canadian hardcore public 50+ .rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\fetish xxx catfight blondie .rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\french xxx uncut sm .mpeg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\blowjob several models high heels (Sonja,Jade).mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\italian kicking sperm full movie feet .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish fetish beast voyeur .rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\russian gang bang lesbian [milf] sm .zip.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\asian horse big .rar.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\gang bang trambling sleeping hairy .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\bukkake full movie titts bedroom .mpg.exe	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4144	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4144	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4768	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4768	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4952	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4952	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
2372	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
2372	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3872	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3872	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3444	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3444	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4144	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4144	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4880	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4880	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3884	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3884	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4576	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4576	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
980	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
980	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
1924	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
1924	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4768	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4768	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
860	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
860	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4952	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
4952	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
2372	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
2372	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 4784	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	80
PID 3816 wrote to memory of 4784	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	80
PID 3816 wrote to memory of 4784	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	80
PID 4784 wrote to memory of 4400	4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	81
PID 4784 wrote to memory of 4400	4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	81
PID 4784 wrote to memory of 4400	4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	81
PID 3816 wrote to memory of 4148	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	82
PID 3816 wrote to memory of 4148	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	82
PID 3816 wrote to memory of 4148	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	82
PID 4400 wrote to memory of 4144	4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	85
PID 4400 wrote to memory of 4144	4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	85
PID 4400 wrote to memory of 4144	4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	85
PID 4784 wrote to memory of 4768	4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	86
PID 4784 wrote to memory of 4768	4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	86
PID 4784 wrote to memory of 4768	4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	86
PID 3816 wrote to memory of 4952	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	87
PID 3816 wrote to memory of 4952	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	87
PID 3816 wrote to memory of 4952	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	87
PID 4148 wrote to memory of 2372	4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	88
PID 4148 wrote to memory of 2372	4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	88
PID 4148 wrote to memory of 2372	4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	88
PID 4144 wrote to memory of 3872	4144	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	91
PID 4144 wrote to memory of 3872	4144	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	91
PID 4144 wrote to memory of 3872	4144	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	91
PID 4400 wrote to memory of 3444	4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	92
PID 4400 wrote to memory of 3444	4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	92
PID 4400 wrote to memory of 3444	4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	92
PID 4784 wrote to memory of 4880	4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	93
PID 4784 wrote to memory of 4880	4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	93
PID 4784 wrote to memory of 4880	4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	93
PID 3816 wrote to memory of 4576	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	94
PID 3816 wrote to memory of 4576	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	94
PID 3816 wrote to memory of 4576	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	94
PID 4148 wrote to memory of 3884	4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	95
PID 4148 wrote to memory of 3884	4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	95
PID 4148 wrote to memory of 3884	4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	95
PID 4768 wrote to memory of 980	4768	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	96
PID 4768 wrote to memory of 980	4768	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	96
PID 4768 wrote to memory of 980	4768	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	96
PID 4952 wrote to memory of 1924	4952	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	97
PID 4952 wrote to memory of 1924	4952	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	97
PID 4952 wrote to memory of 1924	4952	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	97
PID 2372 wrote to memory of 860	2372	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	98
PID 2372 wrote to memory of 860	2372	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	98
PID 2372 wrote to memory of 860	2372	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	98
PID 3872 wrote to memory of 668	3872	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	100
PID 3872 wrote to memory of 668	3872	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	100
PID 3872 wrote to memory of 668	3872	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	100
PID 4144 wrote to memory of 1292	4144	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	101
PID 4144 wrote to memory of 1292	4144	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	101
PID 4144 wrote to memory of 1292	4144	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	101
PID 4400 wrote to memory of 1584	4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	102
PID 4400 wrote to memory of 1584	4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	102
PID 4400 wrote to memory of 1584	4400	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	102
PID 4784 wrote to memory of 4760	4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	103
PID 4784 wrote to memory of 4760	4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	103
PID 4784 wrote to memory of 4760	4784	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	103
PID 3816 wrote to memory of 4556	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	104
PID 3816 wrote to memory of 4556	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	104
PID 3816 wrote to memory of 4556	3816	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	104
PID 4148 wrote to memory of 4864	4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	105
PID 4148 wrote to memory of 4864	4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	105
PID 4148 wrote to memory of 4864	4148	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	105
PID 3444 wrote to memory of 3984	3444	72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe	106

C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4784
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        9⤵
        
        PID:20808
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        8⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        8⤵
        
        PID:18916
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        8⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        8⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        8⤵
        
        PID:20788
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        8⤵
        
        PID:20228
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:18908
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:18304
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:20220
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:18612
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        8⤵
        
        PID:20832
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:20340
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:22256
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:19852
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:18004
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:18924
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:20288
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        8⤵
        
        PID:20992
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:21004
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:20816
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:13780
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:20620
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:19524
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:20108
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:18480
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:21536
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:21072
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:21468
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:18256
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:20092
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:12884
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:18716
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        8⤵
        
        PID:21032
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:20548
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:20824
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:19392
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:22248
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:19348
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:16632
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:21104
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:19516
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:19616
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:20744
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:17804
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:20356
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:12552
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:18324
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:21080
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:15140
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:21088
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:16700
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:20212
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:18288
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:18940
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:16940
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:9552
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:20736
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:21040
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:19432
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:11440
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:16296
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:3992
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:19884
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:12900
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:16184
- C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4148
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        8⤵
        
        PID:21524
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:21012
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:21552
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:9948
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:17828
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:18932
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:16900
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:21064
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:21128
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:20280
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:19904
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:18264
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:17996
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:19948
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:18280
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:21048
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:21120
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:19608
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:20204
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:18272
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:12100
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:20052
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:18240
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:21544
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:15768
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:21560
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:16040
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:22224
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:11176
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:22240
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:16932
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:16304
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:5612
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:12560
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:18316
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:20060
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:12860
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:18620
- C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4952
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        7⤵
        
        PID:20196
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:12232
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:18060
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:19860
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:16264
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:16352
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:17748
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:16564
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        6⤵
        
        PID:21112
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:20612
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:21056
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:12132
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:16536
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:22232
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:17616
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:20084
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:12472
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:18248
- C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:22208
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:15620
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:20800
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:13756
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:9400
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:876
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:17820
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:20004
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:18780
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:16608
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:8528
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:5644
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:11936
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:17064
- C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
  2⤵
  PID:4556
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
        5⤵
        
        PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:21568
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:18348
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:11112
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:16004
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:22216
- C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
  2⤵
  PID:1664
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
      4⤵
      PID:20100
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:12908
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:19292
- C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
  2⤵
  PID:6860
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:12044
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:17304
- C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
  2⤵
  PID:9164
- - C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
    3⤵
    PID:19960
- C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
  2⤵
  PID:12916
- C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\72f7d4daa2cad8e6833b2eafb1e67edbe682fb312d161153969aa9ee68f799ba_NeikiAnalytics.exe"
  2⤵
  PID:18592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black gang bang beast big cock high heels (Jade).mpeg.exe

Filesize
1.9MB

MD5
55d56f90cb43e5e82af5adbbbd3fe05e

SHA1
39ab0fd6268e0658669243c6ce1a7121775290c1

SHA256
5ae858edfd8400abd91d957380164ee3cc4188267126622bf1e019cafcaf461d

SHA512
cbf6006e26b2ed24c8057b462340b736bcee35235d133500c7360204b2e1b26e9d1e3a8f50f8924a9573f5d79bbbb4ef8c786342b6749996dc5cbbd8ff6f04be

Download Submit