6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8

Analysis

max time kernel
11s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
Size

2.0MB
MD5

2188deb222a603f3e21f19a88b7a85e0
SHA1

57acd506ca8ce2c19f725954071a5ec7ba8eaa9d
SHA256

6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8
SHA512

5032202e052ca413cf0db3e0c01be0b207826bc1902e5dd80957d5a64809b7fbc928e9752970f68a10171bd9341191f2ec3161631f0aff845d979702efca51dd
SSDEEP

49152:VsqBdjRsi5PH19NjTIgBeNJub3WpO8q/tLSxnxuU5oQj3:7JV9NWNJUW891LKx9oQL

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 12 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\T:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\V:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\E:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\N:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\I:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\A:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\H:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\L:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\W:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\X:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\J:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\K:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\M:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\O:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\R:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\S:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\U:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\B:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File opened (read-only)	\??\G:	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\horse several models redhair .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese handjob fucking [free] penetration .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american beastiality horse sleeping glans .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian horse blowjob big .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish fetish lesbian hidden feet granny (Samantha).zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian bukkake big high heels (Christine,Samantha).mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish porn lesbian masturbation feet latex .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie lesbian stockings (Sandy,Sarah).mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish cumshot blowjob [bangbus] .avi.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\hardcore [bangbus] (Sylvia).rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian beastiality fucking several models hole .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish horse blowjob hot (!) black hairunshaved .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe

Drops file in Program Files directory 20 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian gang bang horse masturbation hole .avi.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\tyrkish kicking lesbian masturbation (Sylvia).mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian lingerie sleeping feet traffic .rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\blowjob [bangbus] cock pregnant (Liz).zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\black fetish gay hot (!) feet .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\indian handjob fucking catfight sweet (Christine,Curtney).rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beast lesbian glans 40+ .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\beast [bangbus] girly .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\brasilian handjob lingerie hidden (Liz).zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\gay big glans .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian horse beast girls granny (Anniston,Tatjana).avi.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUA671.tmp\italian cum lesbian hidden (Jade).avi.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\russian nude lingerie [free] leather .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\indian fetish blowjob full movie lady .avi.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\black horse bukkake big titts sm .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian cumshot sperm [milf] mistress (Kathrin,Karin).mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\sperm full movie mature .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\trambling [milf] .rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\danish kicking sperm masturbation granny .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFD7095D-03FC-4A5C-948B-20FAB1B69302}\EDGEMITMP_4CFFA.tmp\swedish fetish horse uncut glans blondie .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\asian horse full movie titts granny .avi.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\asian beast [bangbus] hole .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\security\templates\swedish action xxx [free] penetration (Sonja,Samantha).zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\lesbian hot (!) .avi.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\cumshot gay catfight .rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\nude hardcore lesbian cock .avi.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\lingerie licking glans high heels (Liz).mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish action fucking hidden lady .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese action beast several models (Liz).mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\brasilian gang bang trambling girls .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\hardcore [bangbus] bondage .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\black fetish fucking licking YEâPSè& .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx uncut feet mistress .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\swedish fetish sperm uncut girly .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\japanese action xxx hidden .avi.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\spanish trambling hot (!) feet ash (Karin).mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\bukkake licking .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\american cum lingerie big titts ash (Samantha).mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\japanese cumshot lesbian catfight titts fishy .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\norwegian xxx [milf] glans .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\cumshot beast [bangbus] granny .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\swedish cumshot trambling lesbian (Karin).rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\chinese gay [bangbus] .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\cum bukkake uncut feet sm .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\spanish lesbian several models granny .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\black handjob lingerie masturbation feet 50+ (Melissa).mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\indian porn beast lesbian pregnant .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\african sperm sleeping ejaculation .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\japanese action sperm big feet penetration (Melissa).mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\swedish handjob xxx public bondage .rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\spanish beast lesbian cock (Jenna,Samantha).rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\horse trambling licking pregnant .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\cum gay [milf] Ôï .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beast [milf] mature (Gina,Sarah).zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\gay lesbian .rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\blowjob lesbian hole .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\tyrkish animal lingerie licking titts .avi.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\malaysia xxx masturbation (Janette).rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\swedish nude sperm public sm .rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\russian horse sperm uncut .zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black handjob blowjob [bangbus] (Curtney).rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian gang bang horse sleeping .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\spanish blowjob big feet stockings .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\italian horse beast [bangbus] glans .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\swedish beastiality bukkake licking feet wifey .avi.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian action horse [free] hotel .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\cum horse uncut .rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\norwegian lingerie several models glans 50+ (Curtney).mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish fetish sperm girls cock 40+ .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\black cumshot trambling hot (!) (Melissa).avi.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\russian cumshot trambling several models feet mistress .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\african sperm several models (Melissa).zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\african xxx hidden (Liz).rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\hardcore hidden .rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\british hardcore [milf] (Samantha).zip.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish beastiality hardcore catfight cock wifey (Curtney).mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\danish fetish gay several models (Melissa).mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\russian cum lingerie licking cock femdom .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\french lingerie sleeping hole .mpeg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\beast full movie cock Ôï .rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\black animal trambling public (Sarah).rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\russian kicking horse [free] .mpg.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\american cum beast full movie titts .rar.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4716	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4716	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4588	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4588	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
1828	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
1828	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4408	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4408	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3868	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3868	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4716	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4716	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4460	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4460	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4292	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4292	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
1844	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
1844	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3384	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3384	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3124	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
3124	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4588	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4588	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4704	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4704	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
1828	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
1828	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
948	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
948	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4408	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
4408	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 3244	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	93
PID 2104 wrote to memory of 3244	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	93
PID 2104 wrote to memory of 3244	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	93
PID 3244 wrote to memory of 4404	3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	98
PID 3244 wrote to memory of 4404	3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	98
PID 3244 wrote to memory of 4404	3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	98
PID 2104 wrote to memory of 4392	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	99
PID 2104 wrote to memory of 4392	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	99
PID 2104 wrote to memory of 4392	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	99
PID 2104 wrote to memory of 4716	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	100
PID 2104 wrote to memory of 4716	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	100
PID 2104 wrote to memory of 4716	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	100
PID 3244 wrote to memory of 4588	3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	101
PID 3244 wrote to memory of 4588	3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	101
PID 3244 wrote to memory of 4588	3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	101
PID 4404 wrote to memory of 1828	4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	102
PID 4404 wrote to memory of 1828	4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	102
PID 4404 wrote to memory of 1828	4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	102
PID 4392 wrote to memory of 4408	4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	103
PID 4392 wrote to memory of 4408	4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	103
PID 4392 wrote to memory of 4408	4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	103
PID 4716 wrote to memory of 3868	4716	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	105
PID 4716 wrote to memory of 3868	4716	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	105
PID 4716 wrote to memory of 3868	4716	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	105
PID 4404 wrote to memory of 4460	4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	106
PID 4404 wrote to memory of 4460	4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	106
PID 4404 wrote to memory of 4460	4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	106
PID 3244 wrote to memory of 1844	3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	107
PID 3244 wrote to memory of 1844	3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	107
PID 3244 wrote to memory of 1844	3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	107
PID 2104 wrote to memory of 4292	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	108
PID 2104 wrote to memory of 4292	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	108
PID 2104 wrote to memory of 4292	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	108
PID 4588 wrote to memory of 3384	4588	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	109
PID 4588 wrote to memory of 3384	4588	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	109
PID 4588 wrote to memory of 3384	4588	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	109
PID 4392 wrote to memory of 3124	4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	110
PID 4392 wrote to memory of 3124	4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	110
PID 4392 wrote to memory of 3124	4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	110
PID 1828 wrote to memory of 4704	1828	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	111
PID 1828 wrote to memory of 4704	1828	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	111
PID 1828 wrote to memory of 4704	1828	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	111
PID 4408 wrote to memory of 948	4408	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	112
PID 4408 wrote to memory of 948	4408	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	112
PID 4408 wrote to memory of 948	4408	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	112
PID 4716 wrote to memory of 2020	4716	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	116
PID 4716 wrote to memory of 2020	4716	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	116
PID 4716 wrote to memory of 2020	4716	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	116
PID 4404 wrote to memory of 2000	4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	117
PID 4404 wrote to memory of 2000	4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	117
PID 4404 wrote to memory of 2000	4404	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	117
PID 3244 wrote to memory of 4248	3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	118
PID 3244 wrote to memory of 4248	3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	118
PID 3244 wrote to memory of 4248	3244	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	118
PID 2104 wrote to memory of 5124	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	119
PID 2104 wrote to memory of 5124	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	119
PID 2104 wrote to memory of 5124	2104	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	119
PID 3868 wrote to memory of 5160	3868	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	120
PID 3868 wrote to memory of 5160	3868	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	120
PID 3868 wrote to memory of 5160	3868	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	120
PID 4588 wrote to memory of 5220	4588	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	121
PID 4588 wrote to memory of 5220	4588	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	121
PID 4588 wrote to memory of 5220	4588	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	121
PID 4392 wrote to memory of 5228	4392	6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe	122

C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3244
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        8⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        8⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:10948
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:11356
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:8196
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:10792
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:10572
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:10824
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:11248
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:11288
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:9664
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:13240
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:12988
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:8244
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:10852
- C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4392
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        7⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:896
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:11100
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:13264
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:8220
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:10864
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:11992
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:12980
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:11256
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:14328
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:11792
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:12368
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:13732
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:8268
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:11108
- C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4716
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        6⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:13460
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:10784
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:13836
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:11348
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:14232
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:13796
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:8212
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:10816
- C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4292
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
        5⤵
        
        PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:11672
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:12000
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:11064
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:8308
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:11092
- C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
  2⤵
  PID:5124
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
      4⤵
      PID:13400
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:8448
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:11532
- C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
  2⤵
  PID:5800
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:8892
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:11976
- C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
  2⤵
  PID:7100
- - C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
    3⤵
    PID:2176
- C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
  2⤵
  PID:8236
- C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6b7287d1e5622717576342f3eb095654a26ba8b188928a6b9cbaafa9b2e495b8_NeikiAnalytics.exe"
  2⤵
  PID:10936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4416,i,8660989700097327804,17931739887231169645,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:8
1⤵
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian gang bang horse masturbation hole .avi.exe

Filesize
954KB

MD5
db942d9969619242fbe587fc36b089d9

SHA1
81f42c6fdb6c7da564ab91523929ee2befa2360f

SHA256
f406abf437566631cc3bb8f7783712bda4e3dc4ebf3b260887a32bb3e82c21d8

SHA512
dfd78c799a4bf3effc13e30eda4c25b6134a8bc87e82e83112513ad2adc8344e892ff21fddf5ba6a0f7d600add35e1165b196a971a291464bad5b3f71ab35c91

Download Submit