39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a

Analysis

max time kernel
13s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 23:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Size

958KB
MD5

6b8cdb588ca7b4f5bfee956612f583d0
SHA1

9b48475d359a8bf889076e67473b6038311673e9
SHA256

39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a
SHA512

e4d2937a138a81771635224c992f88e6981d4b8f0d2cac1d9f302bc9bd5131eb71fcdf330f2e0add7eac2cc6635c52fb9ee389162d8df1fbc4b0c7c004b701e1
SSDEEP

24576:2wS1BlbQULy8fB/Q4uNyb8gZ/Pnu+uoNh09ehFPSXo:hSvlksy8fKBwpZlRNyq64

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\L:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\M:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\T:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\W:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\X:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\A:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\O:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\P:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\R:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\H:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\J:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\K:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\S:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\U:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\V:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\E:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\G:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\I:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\N:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\sperm full movie .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fucking uncut cock fishy (Karin,Janette).zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob voyeur (Kathrin).mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\malaysia sperm public (Anniston,Jade).mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\black action trambling several models wifey .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\black sperm cumshot girls feet balls .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\german nude sleeping hairy .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american gay lesbian .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\african beastiality cum voyeur vagina (Gina,Anniston).zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\beast fucking licking vagina shower (Anniston).rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\beastiality nude [bangbus] ash .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake uncut feet .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\black fetish blowjob [bangbus] ash .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish cum sleeping feet blondie .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\british nude blowjob voyeur shower .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\african gang bang full movie hole .avi.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\kicking voyeur vagina (Melissa).mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\black horse cum masturbation ash gorgeoushorny .avi.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\fucking lesbian [milf] hole balls (Curtney,Jade).zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\african trambling blowjob [milf] cock gorgeoushorny (Gina,Kathrin).mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie hidden Œã .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie blowjob masturbation sm (Tatjana).rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\gang bang beastiality [milf] .avi.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\brasilian lingerie lingerie voyeur vagina .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\lingerie girls castration .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\bukkake big penetration (Jade,Sarah).zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\xxx [milf] 50+ .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\sperm horse [milf] .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\cum licking vagina .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\russian horse [milf] nipples bondage .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\action trambling [bangbus] boobs latex .avi.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\norwegian sperm [free] hairy .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\canadian gay catfight .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\indian gay hot (!) vagina bondage .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\danish trambling fucking voyeur .avi.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\gay fucking [milf] cock lady .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\action beast [milf] boots .avi.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\brasilian sperm nude full movie ash .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\german porn animal voyeur .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\fetish xxx hidden bondage .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\sperm fucking [milf] glans bedroom .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\bukkake handjob several models .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\black lingerie fetish sleeping 40+ .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\brasilian nude gang bang girls stockings .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\trambling catfight .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\indian action porn lesbian traffic .rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\german horse public stockings (Sonja).avi.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\tyrkish blowjob hidden (Gina,Melissa).mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\hardcore big femdom (Curtney,Jade).rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\trambling cum hot (!) .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\norwegian handjob hot (!) boobs (Britney).rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\spanish kicking licking ash young (Jenna,Melissa).zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\security\templates\malaysia hardcore licking legs .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\african porn beastiality several models vagina shower .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian xxx cum catfight .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\canadian lingerie hidden feet wifey .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\fetish cumshot lesbian titts girly (Jenna).rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\norwegian gay horse lesbian black hairunshaved .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\tyrkish trambling bukkake sleeping ìó (Sonja).mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\hardcore masturbation redhair .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\norwegian horse lesbian [free] high heels .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\german horse action [milf] ash (Sonja).mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\russian sperm animal lesbian gorgeoushorny .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\african fucking kicking big vagina mistress .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\chinese trambling [bangbus] .avi.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\action lesbian voyeur hotel .rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\handjob hardcore full movie mature (Jade,Kathrin).rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\lesbian uncut sweet .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\russian trambling hot (!) balls .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\black beast hardcore uncut boobs black hairunshaved .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\lesbian fucking public vagina stockings (Britney,Anniston).rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\swedish cumshot kicking public .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian cumshot action hidden .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\spanish xxx fetish hot (!) glans .rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\british horse cumshot uncut legs sweet .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\tyrkish animal licking feet 50+ .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\spanish action voyeur .rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\german sperm cum girls .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese trambling cumshot hidden bondage .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\blowjob handjob hidden black hairunshaved .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\norwegian blowjob girls fishy .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\chinese action public legs blondie .zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\italian fucking horse sleeping .mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\lingerie several models (Sylvia).avi.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\indian action horse hot (!) boobs (Gina,Britney).zip.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\horse licking .rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\horse [milf] boots .avi.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\japanese hardcore porn voyeur (Sonja).mpg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\british horse fetish hidden black hairunshaved (Karin).avi.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\chinese fetish xxx hidden .mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\nude uncut nipples (Curtney,Christine).rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\cum lesbian 50+ (Melissa,Samantha).rar.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\cumshot [bangbus] (Karin,Jade).avi.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\trambling action catfight hairy (Karin,Ashley).mpeg.exe	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1780	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1780	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2556	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2556	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1676	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1676	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2908	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2908	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
3808	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4512	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
3808	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4512	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4888	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4888	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2344	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2344	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1780	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1780	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2556	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2556	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2020	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2020	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
3968	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
3968	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4312	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4312	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1676	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
1676	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2748	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2748	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2908	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
2908	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4552	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
4552	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 2696	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	81
PID 1200 wrote to memory of 2696	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	81
PID 1200 wrote to memory of 2696	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	81
PID 2696 wrote to memory of 4620	2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	82
PID 2696 wrote to memory of 4620	2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	82
PID 2696 wrote to memory of 4620	2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	82
PID 1200 wrote to memory of 1896	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	83
PID 1200 wrote to memory of 1896	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	83
PID 1200 wrote to memory of 1896	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	83
PID 1200 wrote to memory of 2556	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	86
PID 1200 wrote to memory of 2556	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	86
PID 1200 wrote to memory of 2556	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	86
PID 2696 wrote to memory of 1780	2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	87
PID 2696 wrote to memory of 1780	2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	87
PID 2696 wrote to memory of 1780	2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	87
PID 4620 wrote to memory of 1676	4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	88
PID 4620 wrote to memory of 1676	4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	88
PID 4620 wrote to memory of 1676	4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	88
PID 1896 wrote to memory of 2908	1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	89
PID 1896 wrote to memory of 2908	1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	89
PID 1896 wrote to memory of 2908	1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	89
PID 1780 wrote to memory of 3808	1780	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	92
PID 1780 wrote to memory of 3808	1780	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	92
PID 1780 wrote to memory of 3808	1780	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	92
PID 2696 wrote to memory of 4512	2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	93
PID 2696 wrote to memory of 4512	2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	93
PID 2696 wrote to memory of 4512	2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	93
PID 1200 wrote to memory of 4888	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	94
PID 1200 wrote to memory of 4888	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	94
PID 1200 wrote to memory of 4888	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	94
PID 2556 wrote to memory of 2344	2556	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	95
PID 2556 wrote to memory of 2344	2556	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	95
PID 2556 wrote to memory of 2344	2556	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	95
PID 4620 wrote to memory of 2020	4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	96
PID 4620 wrote to memory of 2020	4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	96
PID 4620 wrote to memory of 2020	4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	96
PID 1896 wrote to memory of 3968	1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	97
PID 1896 wrote to memory of 3968	1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	97
PID 1896 wrote to memory of 3968	1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	97
PID 1676 wrote to memory of 4312	1676	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	98
PID 1676 wrote to memory of 4312	1676	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	98
PID 1676 wrote to memory of 4312	1676	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	98
PID 2908 wrote to memory of 2748	2908	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	99
PID 2908 wrote to memory of 2748	2908	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	99
PID 2908 wrote to memory of 2748	2908	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	99
PID 1780 wrote to memory of 4552	1780	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	101
PID 1780 wrote to memory of 4552	1780	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	101
PID 1780 wrote to memory of 4552	1780	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	101
PID 2696 wrote to memory of 2188	2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	102
PID 2696 wrote to memory of 2188	2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	102
PID 2696 wrote to memory of 2188	2696	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	102
PID 1200 wrote to memory of 1736	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	103
PID 1200 wrote to memory of 1736	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	103
PID 1200 wrote to memory of 1736	1200	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	103
PID 2556 wrote to memory of 4384	2556	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	104
PID 2556 wrote to memory of 4384	2556	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	104
PID 2556 wrote to memory of 4384	2556	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	104
PID 4620 wrote to memory of 3892	4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	105
PID 4620 wrote to memory of 3892	4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	105
PID 4620 wrote to memory of 3892	4620	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	105
PID 1896 wrote to memory of 3332	1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	106
PID 1896 wrote to memory of 3332	1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	106
PID 1896 wrote to memory of 3332	1896	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	106
PID 2908 wrote to memory of 4752	2908	39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe	107

C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        8⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        9⤵
        
        PID:22116
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        8⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        8⤵
        
        PID:19476
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        8⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        8⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        8⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:19780
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        8⤵
        
        PID:20720
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:19524
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:22876
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        8⤵
        
        PID:22820
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:19932
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:16032
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:21432
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:22216
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:19940
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:24112
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17476
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        8⤵
        
        PID:22336
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:19484
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:16932
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:18128
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:22224
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:16712
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:22248
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:22232
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:19492
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:22168
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:19560
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:16792
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:22160
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:17200
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:18336
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:23472
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:23264
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:21296
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17380
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:20136
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:12328
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:17192
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:11244
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        8⤵
        
        PID:22720
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:19240
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:19652
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:19516
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:19768
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:20744
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:19644
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:17248
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:22796
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:21288
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:20712
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6632
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:22644
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:19852
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:17256
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:20100
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:22328
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:17324
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:20060
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:22804
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:15312
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:21280
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17916
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:19604
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:21892
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:18284
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:22636
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:20004
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:18300
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:22240
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:19508
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:23596
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17836
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:19576
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:16736
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:17988
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:17828
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:12716
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:17852
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:18352
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:17520
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:16360
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:23488
- C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1896
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        8⤵
        
        PID:20920
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:16956
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:20640
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:19372
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:17396
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:19956
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:20632
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:22376
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:19872
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:15992
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:21412
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:17404
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:22868
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:21440
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:22660
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:20624
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:19364
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:18500
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:23480
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:20812
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:23256
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:11584
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:17664
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:20688
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:13044
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:19340
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:17156
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:20216
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:20680
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:19216
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:18008
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:18000
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:22352
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:13052
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:19356
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:24096
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:20728
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:13296
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:5460
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:22360
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:19772
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:22844
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:13828
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:19844
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:19824
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:22828
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:19996
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:22852
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:23496
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:17016
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:20928
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:13020
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:4260
- C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        7⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:20704
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:24104
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:22836
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:19124
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:17956
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17412
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:20616
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:13036
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:19348
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:13428
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:19568
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:21992
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:5816
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:464
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:17428
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:6952
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:21264
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:17844
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:11344
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:16464
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:16392
- C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        6⤵
        
        PID:22344
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:20208
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:17388
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:20140
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:21256
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:13248
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:6020
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:19596
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:9548
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:22652
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:13480
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:6212
- C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
  2⤵
  PID:1736
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
        5⤵
        
        PID:22368
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:13700
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:19500
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:16752
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:15292
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:21136
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:13488
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:19468
- C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
  2⤵
  PID:4200
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:21540
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
      4⤵
      PID:8364
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:12940
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:18028
- C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
  2⤵
  PID:6944
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:12728
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:17896
- C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
  2⤵
  PID:8596
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:17904
- C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
  2⤵
  PID:11260
- - C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
    3⤵
    PID:22812
- C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
  2⤵
  PID:3656
- C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\39cc3bd9dffe11403cb7c3a31d481ee4dc44308bd18ca9861f5755b271af710a_NeikiAnalytics.exe"
  2⤵
  PID:10484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish cum sleeping feet blondie .zip.exe

Filesize
1.5MB

MD5
a09a8438aa25b8d625e3fd5608440ae4

SHA1
e3de6bc2c03a43b0dc1a407fc58e2877d9cee321

SHA256
15a0b0574345f7a9509886e3c4b784ccaff6177459475bbcde840ffa7f737ed8

SHA512
1ad36588e32fcd7dd5ed31a2393c3f955dbf1450f3a2d252c398152754fd549e97b9ba7ef624847c57723e69ad57d5a1f9825d6868c7bf1f64fc4a9e337f4430

Download Submit