45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612

Analysis

max time kernel
15s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Size

1.6MB
MD5

5e76d041c384144eb7f4edd4c9e49b80
SHA1

0fe6914b6a5fffc7f7ec644b8e26994d5a99051a
SHA256

45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612
SHA512

1597d9c8151a6836eb7295f245f51c2bb23c2f5f716e360d483eb2baf35ae7f587f76cb43a187dea1c421215ca5b9950db5f4e6c394f594c41365de9bf9c9723
SSDEEP

24576:CIypCI6cTAMTCKWyrq4gJaZrNBmz3CU5G8BVF2usnc9DBZ8tVnRgaIFgbyqFpu:CIytTmHyca5Ncz3X5DVF2tchmcIyqG

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\K:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\M:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\O:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\R:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\S:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\W:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\H:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\J:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\L:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\E:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\P:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\X:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\A:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\G:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\N:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\T:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\U:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\V:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File opened (read-only)	\??\B:	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\trambling action public bedroom (Sonja,Sandy).zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\blowjob voyeur Ôï .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian trambling catfight nipples .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\black nude [free] hole castration (Sarah).mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\horse beast sleeping (Gina,Sonja).avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\asian animal public stockings .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\chinese kicking [bangbus] glans (Jenna).mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese trambling fetish public 40+ .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian handjob cum uncut .mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\malaysia animal full movie vagina black hairunshaved .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\russian beastiality hidden high heels .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american gay lesbian .mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\horse licking .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\asian sperm [free] (Anniston,Sarah).mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\horse animal public feet .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\handjob animal hidden penetration .mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\blowjob nude girls boobs .mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\norwegian cumshot lesbian leather (Tatjana).zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\handjob gay public ejaculation .mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish nude masturbation ash .rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\american sperm hot (!) hole ash (Ashley,Britney).mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\italian horse full movie .mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\spanish gang bang [bangbus] leather .rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish trambling xxx catfight glans (Sarah,Jenna).zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\gang bang cum [milf] cock (Kathrin,Sandy).mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian trambling masturbation titts sm .mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\cum big (Anniston).mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\british gang bang gay voyeur fishy (Samantha,Jade).avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\bukkake kicking public .mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\beast lesbian boobs .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\gay big girly .mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\trambling masturbation (Sylvia,Jenna).rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\french beastiality horse [bangbus] bedroom (Sarah,Sonja).rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\african blowjob horse licking legs stockings .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\brasilian action [free] (Sylvia).rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\american horse gay girls femdom .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\cum public vagina (Jenna,Anniston).mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\animal beast voyeur .mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\italian trambling voyeur ejaculation .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\brasilian fucking hardcore [milf] cock latex .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\nude gang bang voyeur sweet .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\gay handjob [milf] (Samantha,Sarah).mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\brasilian xxx lingerie girls (Janette,Sandy).avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\french lesbian [free] .mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\african porn public glans shower .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\danish cumshot sperm voyeur glans blondie .mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\animal action hot (!) blondie .rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\norwegian animal lesbian sleeping (Sandy).zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\indian kicking big (Jenna).mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\danish lingerie porn girls vagina sweet (Sarah,Gina).rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\danish hardcore public shower (Ashley,Kathrin).rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\sperm [bangbus] .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\brasilian nude hardcore big .rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\lingerie kicking catfight .rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\xxx cumshot uncut latex (Ashley).zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\german bukkake [free] stockings (Jade).mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\lesbian licking YEâPSè& .rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\japanese cum hidden .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\gang bang fucking [bangbus] .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\cum uncut blondie .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\sperm beast [bangbus] gorgeoushorny .mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\kicking several models .mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\japanese fucking sperm public 50+ .rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\horse beast masturbation vagina .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\trambling sleeping vagina lady .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\american sperm big .mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\security\templates\german sperm hidden vagina shoes .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\american lesbian lingerie full movie (Curtney).mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\beastiality lingerie licking cock 50+ (Janette).rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\japanese horse hidden (Sylvia).mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\indian porn beast hot (!) .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\brasilian animal bukkake masturbation mature .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\spanish fetish kicking public nipples stockings .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\tyrkish cum hardcore several models .mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\american fucking public bedroom .mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\russian cum porn big ash (Curtney).rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\blowjob nude uncut .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\american nude lesbian catfight .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\spanish fetish lesbian penetration .mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\gay catfight .mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\hardcore fucking catfight .rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\japanese blowjob big nipples balls .rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\swedish xxx lesbian girly (Sarah).rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\french handjob uncut latex .mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\beast girls boobs sm (Jenna,Britney).mpg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\cumshot horse big redhair .rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\fetish catfight shoes .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\chinese horse several models girly .rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\german hardcore horse girls black hairunshaved (Samantha,Tatjana).rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\fetish lingerie [free] bedroom (Melissa,Christine).rar.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\tyrkish lesbian action several models 50+ .zip.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\german porn lingerie girls .mpeg.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\canadian cumshot girls YEâPSè& .avi.exe	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3028	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3028	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
1584	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
1584	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4760	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4760	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3308	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3308	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
452	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
452	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
2624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
2624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4672	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4672	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4516	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4516	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3028	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3028	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3752	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3752	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
1584	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
1584	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
5104	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
5104	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4760	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
4760	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3948	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
3948	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 3480	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	81
PID 4600 wrote to memory of 3480	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	81
PID 4600 wrote to memory of 3480	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	81
PID 3480 wrote to memory of 3992	3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	82
PID 3480 wrote to memory of 3992	3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	82
PID 3480 wrote to memory of 3992	3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	82
PID 4600 wrote to memory of 2556	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	83
PID 4600 wrote to memory of 2556	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	83
PID 4600 wrote to memory of 2556	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	83
PID 3480 wrote to memory of 4624	3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	84
PID 3480 wrote to memory of 4624	3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	84
PID 3480 wrote to memory of 4624	3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	84
PID 4600 wrote to memory of 3028	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	85
PID 4600 wrote to memory of 3028	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	85
PID 4600 wrote to memory of 3028	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	85
PID 3992 wrote to memory of 1584	3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	86
PID 3992 wrote to memory of 1584	3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	86
PID 3992 wrote to memory of 1584	3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	86
PID 2556 wrote to memory of 4760	2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	87
PID 2556 wrote to memory of 4760	2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	87
PID 2556 wrote to memory of 4760	2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	87
PID 3480 wrote to memory of 3308	3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	88
PID 3480 wrote to memory of 3308	3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	88
PID 3480 wrote to memory of 3308	3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	88
PID 4624 wrote to memory of 452	4624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	89
PID 4624 wrote to memory of 452	4624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	89
PID 4624 wrote to memory of 452	4624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	89
PID 4600 wrote to memory of 2624	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	90
PID 4600 wrote to memory of 2624	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	90
PID 4600 wrote to memory of 2624	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	90
PID 3992 wrote to memory of 4672	3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	91
PID 3992 wrote to memory of 4672	3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	91
PID 3992 wrote to memory of 4672	3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	91
PID 2556 wrote to memory of 624	2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	92
PID 2556 wrote to memory of 624	2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	92
PID 2556 wrote to memory of 624	2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	92
PID 3028 wrote to memory of 4516	3028	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	93
PID 3028 wrote to memory of 4516	3028	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	93
PID 3028 wrote to memory of 4516	3028	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	93
PID 1584 wrote to memory of 3752	1584	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	94
PID 1584 wrote to memory of 3752	1584	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	94
PID 1584 wrote to memory of 3752	1584	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	94
PID 4760 wrote to memory of 5104	4760	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	95
PID 4760 wrote to memory of 5104	4760	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	95
PID 4760 wrote to memory of 5104	4760	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	95
PID 4624 wrote to memory of 3948	4624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	96
PID 4624 wrote to memory of 3948	4624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	96
PID 4624 wrote to memory of 3948	4624	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	96
PID 3480 wrote to memory of 4860	3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	97
PID 3480 wrote to memory of 4860	3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	97
PID 3480 wrote to memory of 4860	3480	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	97
PID 3308 wrote to memory of 3740	3308	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	98
PID 3308 wrote to memory of 3740	3308	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	98
PID 3308 wrote to memory of 3740	3308	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	98
PID 4600 wrote to memory of 1944	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	99
PID 4600 wrote to memory of 1944	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	99
PID 4600 wrote to memory of 1944	4600	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	99
PID 3992 wrote to memory of 1932	3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	100
PID 3992 wrote to memory of 1932	3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	100
PID 3992 wrote to memory of 1932	3992	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	100
PID 2556 wrote to memory of 800	2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	101
PID 2556 wrote to memory of 800	2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	101
PID 2556 wrote to memory of 800	2556	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	101
PID 452 wrote to memory of 3104	452	45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe	102

C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3480
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        8⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        8⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        8⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:14744
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:13812
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:13720
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:452
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14108
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:13476
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14436
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:13028
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:13552
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14468
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:16180
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10312
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:13680
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14116
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:13416
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:14320
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:14328
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:14420
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:8564
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:10192
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:14280
- C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        7⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:12988
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:13424
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:13432
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:624
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:13788
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14764
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:16284
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:13456
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:800
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:8288
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:14452
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:8220
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:13712
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:13180
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:8728
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:10136
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:13448
- C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        6⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:14696
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14548
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:15240
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:13728
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:14240
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:3908
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:14388
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:10320
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:14556
- C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2624
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:14564
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:13748
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
        5⤵
        
        PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:14272
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:13004
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:8736
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:10120
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:13440
- C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
  2⤵
  PID:1944
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:11304
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:16196
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:15016
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:8436
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:10256
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:14296
- C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
  2⤵
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
      4⤵
      PID:14672
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:8836
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:10080
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:12832
- C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
  2⤵
  PID:6368
- - C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
    3⤵
    PID:13036
- C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
  2⤵
  PID:8528
- C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
  2⤵
  PID:10168
- C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\45357f3ed22c3ff44e2839b42ad043ed1f31ddbeab76e8a1d08dd02be7f48612_NeikiAnalytics.exe"
  2⤵
  PID:14444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish trambling xxx catfight glans (Sarah,Jenna).zip.exe

Filesize
1.8MB

MD5
cc4ffc724ac502efa30cf563e39a9903

SHA1
1ab2d58d0fe18040cda54823f62fc6d33db33344

SHA256
835be140bc709986b5d56a993bd42057d6a17d0a2ad6b43b015843225b151e43

SHA512
1a856c55644cfc649639021f34806df1061060eb236299dcb48db22b48d4c21f1948a74ab8167a8309271390bba50a3a4d18aff042380b57ee3f4df64db90b88

Download Submit