9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f

Analysis

max time kernel
11s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Size

1013KB
MD5

3da2ea6db0018e7b87468dd8b50c7230
SHA1

775bfc5d73486b161071ee870584e4219b04bc61
SHA256

9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f
SHA512

63d80ecfcd138d37f33481c142d780a4cb5d3c6a0d675fce6ee65ee429cbc30a3a0ea6216b845f051e4f2fcf3caf8e5cda3a96a6c6d480106cf9edbf8249449d
SSDEEP

24576:oWULhG4M6PkcOa/FNMI44Mq4lhCZvqrX1kBhZ7zoSJtt8kus:VghGKMcOar9M7lh+v21C7cSZ8kV

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\K:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\X:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\T:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\V:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\B:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\E:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\J:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\M:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\O:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\P:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\L:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\S:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\U:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\W:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\G:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\H:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\I:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\N:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File opened (read-only)	\??\R:	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\brasilian porn lingerie [free] .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian cum fucking voyeur feet pregnant (Samantha).mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese handjob fucking hot (!) cock YEâPSè& (Sylvia).avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black handjob fucking public .avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\lingerie [bangbus] .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\japanese cum bukkake voyeur gorgeoushorny .avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian action trambling hidden shower .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish handjob bukkake sleeping sweet .avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian animal xxx [milf] upskirt (Sandy,Sarah).avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\handjob xxx voyeur bondage .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\sperm public hole granny .rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lesbian masturbation feet traffic .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe

Drops file in Program Files directory 20 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\Updates\Download\blowjob several models .avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\russian cum xxx girls black hairunshaved .rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\lingerie sleeping feet balls .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{012F12C5-F267-46F5-BABE-4C602515640C}\EDGEMITMP_0327D.tmp\bukkake hot (!) (Jade).rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\beast big hairy .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\italian gang bang lingerie masturbation upskirt .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\swedish cumshot fucking sleeping (Melissa).mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\blowjob hot (!) 50+ .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\beast licking hairy .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\american cumshot bukkake big hole (Christine,Janette).zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian cum trambling lesbian .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\danish nude trambling several models (Liz).mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish horse fucking girls cock .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\horse masturbation gorgeoushorny .avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8B19.tmp\black fetish fucking hot (!) glans swallow .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian fetish lingerie several models feet bondage .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore hidden gorgeoushorny (Sonja,Sylvia).rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx [free] (Sarah).mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\brasilian horse trambling girls .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\hardcore lesbian .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\blowjob [bangbus] feet .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\african sperm [bangbus] glans .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\fucking girls cock (Kathrin,Liz).mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\chinese fucking big (Karin).mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\german lingerie public cock .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\indian beastiality bukkake several models pregnant (Ashley,Liz).zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\brasilian kicking gay lesbian glans .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\black gang bang hardcore [bangbus] (Samantha).mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\black fetish horse public glans ash (Liz).mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\hardcore licking .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\french xxx licking circumcision .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\russian fetish lingerie hot (!) cock pregnant .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\french lesbian catfight (Tatjana).mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\japanese cumshot xxx big cock .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\bukkake hot (!) glans hairy (Janette).zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\brasilian animal hardcore [milf] (Liz).zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\danish kicking sperm sleeping .avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\german lesbian catfight stockings .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\beast several models wifey .rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\russian cum lingerie full movie YEâPSè& (Anniston,Tatjana).zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\blowjob uncut glans granny (Sarah).avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american nude sperm several models cock 50+ (Tatjana).avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\black handjob blowjob uncut feet swallow .avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\sperm uncut feet (Sonja,Sylvia).mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\lingerie full movie cock (Ashley,Curtney).rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\kicking sperm licking .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\russian cum lingerie voyeur feet gorgeoushorny (Janette).rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\cum blowjob voyeur glans swallow .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\danish porn bukkake masturbation shower .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\beast several models cock .rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\horse sperm hidden fishy .rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\horse several models 40+ .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\american horse beast hot (!) feet shoes (Karin).rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian animal hardcore voyeur cock fishy .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\xxx big blondie .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\indian animal blowjob hot (!) glans .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\norwegian blowjob girls (Sarah).mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\french hardcore masturbation glans (Kathrin,Sarah).zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse hidden (Jade).mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\german blowjob full movie shower .rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\fetish hardcore full movie cock mature .rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\italian cum hardcore girls shower (Ashley,Karin).rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\handjob lingerie big cock stockings .avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\german blowjob licking wifey .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\tyrkish porn horse hidden .avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\danish animal hardcore girls young .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\norwegian gay [free] .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\african xxx sleeping cock .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\norwegian trambling girls glans .rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\bukkake lesbian .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\spanish beast masturbation .avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\beastiality horse [milf] circumcision .rar.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\action gay voyeur .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\brasilian nude bukkake full movie 40+ .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\russian beastiality bukkake masturbation glans shower .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\spanish fucking [free] ejaculation .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\brasilian nude sperm licking gorgeoushorny .avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\handjob hardcore public .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian fetish horse uncut bedroom .mpeg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\security\templates\black gang bang fucking uncut (Tatjana).avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\lingerie voyeur circumcision (Jenna,Curtney).avi.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\xxx sleeping cock .mpg.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\porn lingerie uncut .zip.exe	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2376	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2376	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3004	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3004	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3548	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3548	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
4596	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
4596	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
1504	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
1504	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2376	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2376	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
4404	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
4404	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3004	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3004	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
4380	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
4380	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
1512	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
1512	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3300	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3300	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2472	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2472	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3548	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
3548	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2952	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2952	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
4596	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2376	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
4596	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
2376	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
5092	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
5092	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
1612	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
1612	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
1504	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
1504	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3164 wrote to memory of 2436	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	87
PID 3164 wrote to memory of 2436	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	87
PID 3164 wrote to memory of 2436	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	87
PID 2436 wrote to memory of 2564	2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	90
PID 2436 wrote to memory of 2564	2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	90
PID 2436 wrote to memory of 2564	2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	90
PID 3164 wrote to memory of 2376	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	91
PID 3164 wrote to memory of 2376	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	91
PID 3164 wrote to memory of 2376	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	91
PID 2564 wrote to memory of 3004	2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	94
PID 2564 wrote to memory of 3004	2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	94
PID 2564 wrote to memory of 3004	2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	94
PID 2436 wrote to memory of 3548	2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	95
PID 2436 wrote to memory of 3548	2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	95
PID 2436 wrote to memory of 3548	2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	95
PID 2376 wrote to memory of 4596	2376	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	96
PID 2376 wrote to memory of 4596	2376	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	96
PID 2376 wrote to memory of 4596	2376	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	96
PID 3164 wrote to memory of 1504	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	97
PID 3164 wrote to memory of 1504	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	97
PID 3164 wrote to memory of 1504	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	97
PID 3004 wrote to memory of 4404	3004	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	99
PID 3004 wrote to memory of 4404	3004	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	99
PID 3004 wrote to memory of 4404	3004	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	99
PID 2564 wrote to memory of 4380	2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	100
PID 2564 wrote to memory of 4380	2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	100
PID 2564 wrote to memory of 4380	2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	100
PID 2436 wrote to memory of 1512	2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	101
PID 2436 wrote to memory of 1512	2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	101
PID 2436 wrote to memory of 1512	2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	101
PID 3548 wrote to memory of 3300	3548	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	102
PID 3548 wrote to memory of 3300	3548	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	102
PID 3548 wrote to memory of 3300	3548	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	102
PID 3164 wrote to memory of 2472	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	103
PID 3164 wrote to memory of 2472	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	103
PID 3164 wrote to memory of 2472	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	103
PID 4596 wrote to memory of 5092	4596	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	104
PID 4596 wrote to memory of 5092	4596	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	104
PID 4596 wrote to memory of 5092	4596	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	104
PID 2376 wrote to memory of 2952	2376	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	105
PID 2376 wrote to memory of 2952	2376	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	105
PID 2376 wrote to memory of 2952	2376	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	105
PID 1504 wrote to memory of 1612	1504	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	106
PID 1504 wrote to memory of 1612	1504	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	106
PID 1504 wrote to memory of 1612	1504	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	106
PID 3004 wrote to memory of 4916	3004	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	107
PID 3004 wrote to memory of 4916	3004	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	107
PID 3004 wrote to memory of 4916	3004	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	107
PID 4404 wrote to memory of 3532	4404	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	108
PID 4404 wrote to memory of 3532	4404	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	108
PID 4404 wrote to memory of 3532	4404	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	108
PID 2564 wrote to memory of 4992	2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	109
PID 2564 wrote to memory of 4992	2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	109
PID 2564 wrote to memory of 4992	2564	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	109
PID 4380 wrote to memory of 3228	4380	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	110
PID 4380 wrote to memory of 3228	4380	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	110
PID 4380 wrote to memory of 3228	4380	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	110
PID 2436 wrote to memory of 4164	2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	111
PID 2436 wrote to memory of 4164	2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	111
PID 2436 wrote to memory of 4164	2436	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	111
PID 3164 wrote to memory of 2292	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	112
PID 3164 wrote to memory of 2292	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	112
PID 3164 wrote to memory of 2292	3164	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	112
PID 3548 wrote to memory of 1056	3548	9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2436
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        8⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        8⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        8⤵
        
        PID:18708
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        8⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        8⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        8⤵
        
        PID:24288
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:18744
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        8⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        8⤵
        
        PID:20956
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:17744
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:23160
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:20400
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        8⤵
        
        PID:17172
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:20392
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:22960
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:19652
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:21196
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:23416
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:21652
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        8⤵
        
        PID:18264
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:18424
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:17636
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:20024
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:20432
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:22608
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:18588
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:18652
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:24128
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:21508
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:17396
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:20440
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:18760
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:22692
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:18272
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:15408
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:20120
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:18308
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        8⤵
        
        PID:23464
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:18632
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:22700
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:18508
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:20424
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:19772
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:20988
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:19756
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:23920
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:19764
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:24484
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:14028
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:23892
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:18028
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:20996
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:18212
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:22640
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:16988
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:23176
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:21892
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:17156
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:22708
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:18292
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:21060
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:19660
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:22624
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:13116
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:18584
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:24120
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:17224
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:23912
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:16972
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:17232
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:22272
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:11324
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:15024
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:18752
- C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2376
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        8⤵
        
        PID:21720
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:18036
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:18220
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:24492
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:19644
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:18700
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:17204
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:23472
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:19220
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:23032
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:18416
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:22108
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:20448
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:20972
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:17100
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:16120
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:23456
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:12368
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:18112
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:20508
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:14064
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:18516
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:23200
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:17648
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:18720
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:23876
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:18600
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:20016
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:22580
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:17372
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:21728
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:17728
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:22600
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:23392
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:18624
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:12440
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:17736
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:22424
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:14988
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:20032
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:20128
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:11560
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:17116
- C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1504
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        7⤵
        
        PID:23128
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:20768
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:21884
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:17364
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:20368
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:22116
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:20376
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:23904
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:18616
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:20408
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:11812
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:19636
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:22716
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:20416
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:18300
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:9408
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:17240
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:10940
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:18020
- C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2472
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        6⤵
        
        PID:23168
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:18608
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:16016
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:20964
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:15044
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:18768
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:23136
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:11192
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:17132
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:13712
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:18408
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:9424
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:12376
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:18244
- C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
  2⤵
  PID:2292
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:22684
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:12420
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:17760
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:21644
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:10700
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:14540
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:18644
- C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
  2⤵
  PID:5444
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
        5⤵
        
        PID:24472
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:16884
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:20136
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
      4⤵
      PID:23480
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:15464
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:19740
- C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
  2⤵
  PID:7000
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:11300
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:14996
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:18728
- C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
  2⤵
  PID:8776
- - C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
    3⤵
    PID:20948
- C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
  2⤵
  PID:11168
- C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
  2⤵
  PID:13916
- C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9fb85c3173970079a71812eef6c8d194fcd9af218ba618dd57c7ef2bf761fb5f_NeikiAnalytics.exe"
  2⤵
  PID:20384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx [free] (Sarah).mpg.exe

Filesize
287KB

MD5
431f0c1f0ae1d03a29deaddfc5834cc8

SHA1
54874d26d77f4278f3d2daba0479d33bc76d0d9b

SHA256
da6c767d94e50087cfd3d5d613ad71297cab7a9db0be94db44901e3d554a8efe

SHA512
936562cc1f05c7fb054b7386f146ac8a234cfdd046c194de124a8a83e44a8bde84853663a8877882f6916897aa8fecffd9227594b24f5889e25ffd80baa56e35

Download Submit
memory/1056-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1504-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1612-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1648-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2292-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2376-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2436-49-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2472-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2564-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2952-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3004-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3164-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3300-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3324-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3420-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3532-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3548-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4380-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4564-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4596-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4916-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5092-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5144-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5168-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5252-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5296-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5380-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5388-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5396-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5404-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5412-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5444-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5460-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5468-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5476-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5484-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5492-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5792-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6236-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6292-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6300-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6332-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6340-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6368-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6392-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6460-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6656-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6740-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6748-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6800-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6836-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6852-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6880-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6928-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6936-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6992-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7000-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7008-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7032-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7272-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7524-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7532-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7540-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7564-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7688-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7696-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7704-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7716-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7724-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7744-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7752-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7824-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7832-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7840-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7848-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7872-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7924-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8280-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8296-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8344-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8432-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8484-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8588-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8604-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8696-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8776-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8848-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8856-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8908-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9160-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9168-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9240-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9276-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9284-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9384-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9408-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download