0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a

Analysis

max time kernel
16s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 20:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Size

1.1MB
MD5

10cb3c605191ea818dea74c28e9cbcd0
SHA1

9109f2a2ca9a4114c9f5becabfa7ff916a4e669f
SHA256

0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a
SHA512

cc272e59de39d6c868ddb8255aaa0076db31372c8b15f13a986b99282c1d447148602b3d10b3f13129251e154dc0722fb55cc5a544815d23c9f7bdec92ee13da
SSDEEP

24576:2wNoM837ZP8NSzZLup4FP2mc1OAj5/ae41blrpMqB4eAaWIvu/p2Q2Ej1BCs+t:hNoh37cSte4FPgOAjoe4xH7fqIQRBCsY

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 18 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\O:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\T:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\W:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\G:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\J:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\K:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\N:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\P:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\S:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\U:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\V:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\B:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\X:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\I:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\E:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\L:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\M:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\R:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File opened (read-only)	\??\A:	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\russian beast catfight stockings .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\spanish gay big circumcision (Britney,Kathrin).zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\danish gang bang public (Ashley,Janette).mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\trambling lesbian hairy .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish nude several models .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beast nude public vagina circumcision .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian sperm blowjob hidden .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\norwegian fucking sperm catfight .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\animal voyeur wifey .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\spanish gang bang kicking [bangbus] nipples girly .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish blowjob hardcore public .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\african porn nude catfight shower .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\russian handjob hidden hole ejaculation .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\asian handjob uncut sweet .mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse hot (!) cock .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\norwegian porn bukkake sleeping (Liz,Gina).avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\bukkake licking swallow .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\tyrkish handjob masturbation (Sarah,Kathrin).rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\canadian bukkake horse sleeping bondage .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\swedish fetish cumshot licking sweet .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\action hardcore big nipples .mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\porn gang bang sleeping latex .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\german beastiality animal full movie .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\cum several models black hairunshaved (Sarah).mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\malaysia trambling licking (Britney,Jenna).mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\german horse hardcore catfight .mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\sperm uncut girly .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse lesbian .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\african action catfight feet leather (Sonja,Jenna).zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\porn several models ash shoes (Britney,Sandy).mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\gay animal big legs latex (Kathrin).mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\bukkake bukkake hidden (Anniston).zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\british cum [milf] fishy .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\spanish handjob [milf] blondie (Britney,Sonja).mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\gay girls boobs .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\xxx beastiality [bangbus] penetration (Kathrin,Sylvia).mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\german beastiality lingerie [milf] feet granny .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\canadian action hidden 50+ (Jenna).avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\chinese bukkake several models feet mistress .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\beast xxx licking .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\gay gang bang girls (Kathrin,Gina).avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\norwegian sperm fucking hot (!) .mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\tyrkish handjob hot (!) boobs redhair .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\canadian xxx horse lesbian .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\tyrkish cumshot kicking public traffic .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\beastiality horse [milf] (Anniston,Tatjana).mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\gang bang lesbian big stockings .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\beastiality licking bedroom .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\beastiality [bangbus] stockings .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\beast several models fishy .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish hardcore porn lesbian redhair .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\black fetish full movie girly .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\malaysia horse gang bang [bangbus] glans .mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\brasilian lesbian cumshot sleeping .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\porn [milf] .mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\indian trambling trambling hot (!) 40+ .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse sleeping granny (Sylvia).mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\swedish animal masturbation traffic .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\german gang bang voyeur boobs .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\brasilian blowjob nude masturbation shower .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\italian trambling hot (!) .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\fetish sleeping ejaculation .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\horse [free] boobs redhair (Sonja,Sonja).mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\malaysia beast blowjob lesbian .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\french horse sperm sleeping (Gina).zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\japanese fetish uncut mature .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\spanish lingerie beastiality [free] legs blondie (Janette,Jade).zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\black sperm gay licking hairy .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\gang bang xxx voyeur .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\russian gay lesbian feet traffic .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\russian beastiality gay public ash .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian nude horse uncut boobs balls .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\japanese fetish bukkake hidden YEâPSè& .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\nude hidden .mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\spanish horse sleeping .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\german lesbian lingerie full movie (Christine).mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\italian gay bukkake catfight fishy .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\spanish fetish masturbation .mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\horse voyeur boobs shoes .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\spanish bukkake big nipples circumcision .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\action licking boobs swallow .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\xxx beast hidden legs castration (Anniston,Britney).mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\chinese bukkake blowjob masturbation swallow (Liz,Sandy).mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\horse beast lesbian (Anniston).zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\cum hardcore [bangbus] leather .zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\malaysia bukkake [free] lady .mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\animal big mistress (Gina).zip.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\asian action hardcore public shower (Sonja,Christine).rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\german bukkake kicking full movie beautyfull .avi.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\porn horse voyeur leather .mpeg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\german handjob gang bang uncut bondage .rar.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\swedish xxx horse catfight glans (Melissa).mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\danish kicking hot (!) .mpg.exe	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
440	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
440	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
5072	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
5072	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
5096	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
5096	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
2220	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
2220	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
3536	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
3536	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4336	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4336	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
2196	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
2196	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
2344	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
2344	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
440	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
440	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4696	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4696	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
684	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
684	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4184	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
4184	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
5096	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
5096	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
5072	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
5072	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
2644	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
2644	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
2220	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
2220	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
716	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
716	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3116 wrote to memory of 4504	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	81
PID 3116 wrote to memory of 4504	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	81
PID 3116 wrote to memory of 4504	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	81
PID 4504 wrote to memory of 1960	4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	82
PID 4504 wrote to memory of 1960	4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	82
PID 4504 wrote to memory of 1960	4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	82
PID 3116 wrote to memory of 1548	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	83
PID 3116 wrote to memory of 1548	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	83
PID 3116 wrote to memory of 1548	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	83
PID 4504 wrote to memory of 440	4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	84
PID 4504 wrote to memory of 440	4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	84
PID 4504 wrote to memory of 440	4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	84
PID 1960 wrote to memory of 5072	1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	85
PID 1960 wrote to memory of 5072	1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	85
PID 1960 wrote to memory of 5072	1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	85
PID 3116 wrote to memory of 5096	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	86
PID 3116 wrote to memory of 5096	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	86
PID 3116 wrote to memory of 5096	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	86
PID 1548 wrote to memory of 2220	1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	87
PID 1548 wrote to memory of 2220	1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	87
PID 1548 wrote to memory of 2220	1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	87
PID 1960 wrote to memory of 3536	1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	88
PID 1960 wrote to memory of 3536	1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	88
PID 1960 wrote to memory of 3536	1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	88
PID 4504 wrote to memory of 4336	4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	89
PID 4504 wrote to memory of 4336	4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	89
PID 4504 wrote to memory of 4336	4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	89
PID 440 wrote to memory of 2344	440	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	90
PID 440 wrote to memory of 2344	440	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	90
PID 440 wrote to memory of 2344	440	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	90
PID 3116 wrote to memory of 2196	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	91
PID 3116 wrote to memory of 2196	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	91
PID 3116 wrote to memory of 2196	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	91
PID 1548 wrote to memory of 4696	1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	92
PID 1548 wrote to memory of 4696	1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	92
PID 1548 wrote to memory of 4696	1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	92
PID 5096 wrote to memory of 684	5096	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	93
PID 5096 wrote to memory of 684	5096	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	93
PID 5096 wrote to memory of 684	5096	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	93
PID 5072 wrote to memory of 4184	5072	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	94
PID 5072 wrote to memory of 4184	5072	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	94
PID 5072 wrote to memory of 4184	5072	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	94
PID 2220 wrote to memory of 2644	2220	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	95
PID 2220 wrote to memory of 2644	2220	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	95
PID 2220 wrote to memory of 2644	2220	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	95
PID 1960 wrote to memory of 716	1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	96
PID 1960 wrote to memory of 716	1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	96
PID 1960 wrote to memory of 716	1960	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	96
PID 4504 wrote to memory of 968	4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	97
PID 4504 wrote to memory of 968	4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	97
PID 4504 wrote to memory of 968	4504	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	97
PID 3116 wrote to memory of 3368	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	98
PID 3116 wrote to memory of 3368	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	98
PID 3116 wrote to memory of 3368	3116	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	98
PID 440 wrote to memory of 1000	440	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	99
PID 440 wrote to memory of 1000	440	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	99
PID 440 wrote to memory of 1000	440	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	99
PID 1548 wrote to memory of 2548	1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	100
PID 1548 wrote to memory of 2548	1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	100
PID 1548 wrote to memory of 2548	1548	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	100
PID 2196 wrote to memory of 2868	2196	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	101
PID 2196 wrote to memory of 2868	2196	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	101
PID 2196 wrote to memory of 2868	2196	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	101
PID 4336 wrote to memory of 1820	4336	0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe	102

C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3116
- C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4504
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        8⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        8⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        8⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12540
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:716
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12256
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12096
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12688
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:440
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12232
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12388
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12588
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12120
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12764
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12280
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12264
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12072
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12128
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:7848
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:12316
- C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1548
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:12348
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        7⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12136
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12652
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12420
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12436
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12696
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12036
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12240
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12184
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12192
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:7580
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:12672
- C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5096
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        6⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12308
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12524
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12292
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:1736
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12452
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:10972
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12104
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:7748
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:12772
- C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12468
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
        5⤵
        
        PID:12704
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:9636
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12248
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12300
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12340
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:7724
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:12620
- C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
  2⤵
  PID:3368
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12516
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
      4⤵
      PID:12792
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:8940
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:12532
- C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
  2⤵
  PID:3432
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:8732
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:12356
- C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
  2⤵
  PID:5856
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:10668
- - C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
    3⤵
    PID:12168
- C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
  2⤵
  PID:7816
- C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0ff8a49e1863e8ba9447275b25d425a4f9dc59be4bc8382e3f4939f159b1352a_NeikiAnalytics.exe"
  2⤵
  PID:12748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\asian handjob uncut sweet .mpeg.exe

Filesize
683KB

MD5
8f9bacc40c2539396f3400b9719deb65

SHA1
b95d0117b4e163d38ecbfd511d2117a79ba3565c

SHA256
cdd07bfa81bfef5203a3a37f5fedca9c4152464aa10475ce9ebbcb2218c51114

SHA512
b711a027a7156dd65e17a002f704a96dbdd1c1a9477de5459b1f15460cf1fc5b809a96d53a62894ed5a6ff1bfd7fa573b892458438d20cbe996565bdd6c46f8c

Download Submit