0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a

Resubmissions

28/06/2024, 22:57

240628-2w85aaxelj 7

28/06/2024, 19:29

240628-x7gryssgqj 7

Analysis

max time kernel
15s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Size

1.1MB
MD5

6c1132b92eaa64c4a90121cb4283dc60
SHA1

1b1e02699dade52a2cb52de28087dab5c61e91e9
SHA256

0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a
SHA512

02214ed8194daedf07d99892965d7aa1e789ff75dea2575017798c61b2e2177daf64195bc76011982ff98019b55440afe68d229cd15ca7e18d15b8855fe37f81
SSDEEP

24576:2w1prCyExwS4Ga7psz2eH1YvpLk8Qi+kWRhydKkQg+Aq5HRqNKRdW7:hT2wdGaIeVm2IydKkQ55HMP

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\G:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\I:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\P:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\X:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\A:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\H:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\O:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\R:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\T:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\W:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\J:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\K:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\L:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\M:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\N:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\S:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\E:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\U:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\V:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\fucking lesbian nipples upskirt .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\chinese lesbian bukkake sleeping glans (Melissa,Ashley).rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse girls hairy .avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese fucking several models lady .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\sperm xxx public YEâPSè& .mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\spanish animal [free] hole high heels .mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian animal kicking public mistress .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\asian nude girls (Jenna).mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\sperm licking nipples blondie .rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\sperm blowjob catfight .rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\norwegian action cum licking femdom .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\brasilian bukkake [free] (Melissa,Sonja).mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\canadian lesbian lesbian lesbian vagina fishy (Liz).zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\black blowjob kicking uncut hole shower (Samantha,Samantha).avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\danish porn trambling voyeur .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\horse horse several models .avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\chinese horse fucking public 40+ (Sonja,Samantha).avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\asian xxx licking castration .rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\german lingerie gay catfight .rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\xxx full movie upskirt .avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\chinese porn lingerie [milf] blondie (Melissa,Sarah).zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\british action blowjob licking beautyfull .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\porn lesbian hidden (Melissa,Samantha).mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish horse full movie (Janette).mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\gang bang public .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish animal full movie sm .rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\gay lesbian [free] mature .rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian gang bang kicking full movie (Karin,Jenna).zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\african trambling [milf] fishy .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\black lingerie uncut vagina .rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\spanish gay handjob masturbation .rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\cumshot hot (!) mistress (Kathrin,Sandy).rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\japanese sperm fucking masturbation sweet .mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\norwegian cumshot masturbation Ôï .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\gay beastiality lesbian (Jenna).avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gang bang horse girls ash (Jade,Liz).avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\action [milf] legs (Britney).avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\cum hidden boobs .mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\german blowjob [milf] bondage (Ashley,Anniston).avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\cumshot horse catfight glans .mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\russian kicking public black hairunshaved (Sonja).rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\spanish nude lesbian (Melissa,Sarah).mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\black action full movie shower (Ashley).mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\nude hidden titts 50+ .mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\german kicking lingerie catfight sweet .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\beastiality catfight titts sweet .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\horse fucking girls .avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\british horse kicking [free] 40+ .rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\horse sperm catfight .rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\handjob sperm girls shoes (Liz).mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\blowjob masturbation (Ashley).mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\xxx several models (Samantha).zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx lesbian .mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\cumshot porn [bangbus] legs high heels .avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\animal fetish lesbian lady .mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\asian cum hidden .mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\african gang bang hidden .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\lesbian action masturbation YEâPSè& .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\canadian blowjob cum catfight hole beautyfull .mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\fetish cum sleeping penetration (Samantha,Jenna).avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\horse hidden nipples granny .rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\cum action [bangbus] young (Kathrin).avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\cum catfight balls (Gina).zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\swedish gay catfight black hairunshaved (Melissa,Tatjana).avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\tyrkish animal girls .avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\handjob horse [bangbus] nipples (Christine,Anniston).zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\british animal porn hidden femdom .mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\indian fucking fucking [free] granny .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian trambling girls fishy .avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\italian beastiality licking circumcision (Jade,Janette).mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\russian lingerie cum catfight penetration .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian sperm voyeur latex .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\malaysia sperm [bangbus] swallow .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\swedish lesbian lesbian voyeur nipples femdom .mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\blowjob trambling [bangbus] cock swallow .mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\danish fetish uncut cock shoes .avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\horse cumshot [free] titts lady .mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\kicking bukkake public pregnant .mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\horse full movie (Sylvia,Sarah).avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\swedish kicking lingerie licking stockings .mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\brasilian horse trambling several models girly .mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\handjob sleeping feet black hairunshaved .mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\trambling cumshot public swallow (Melissa,Janette).mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\handjob bukkake big .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\japanese nude horse lesbian bedroom .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\gang bang horse girls fishy .mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\nude horse public young (Sylvia,Sarah).avi.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\horse [milf] upskirt (Anniston).mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\indian fetish girls .mpg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian lesbian [free] vagina penetration .mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish fucking sperm sleeping wifey .rar.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\gang bang uncut ejaculation .zip.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\black nude lesbian girly .mpeg.exe	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
388	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
388	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
3196	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
3196	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4708	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4708	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4452	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4452	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
2444	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
2444	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
388	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
388	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4916	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4916	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
2260	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
2260	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
2624	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
1780	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
2624	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
1780	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
1236	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
1236	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4592	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4592	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4740	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4740	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4708	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4708	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4452	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
4452	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
3196	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
3196	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
3712	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
3712	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 1900	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	80
PID 5028 wrote to memory of 1900	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	80
PID 5028 wrote to memory of 1900	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	80
PID 1900 wrote to memory of 4864	1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	81
PID 1900 wrote to memory of 4864	1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	81
PID 1900 wrote to memory of 4864	1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	81
PID 5028 wrote to memory of 2532	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	82
PID 5028 wrote to memory of 2532	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	82
PID 5028 wrote to memory of 2532	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	82
PID 4864 wrote to memory of 388	4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	83
PID 4864 wrote to memory of 388	4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	83
PID 4864 wrote to memory of 388	4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	83
PID 1900 wrote to memory of 3196	1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	84
PID 1900 wrote to memory of 3196	1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	84
PID 1900 wrote to memory of 3196	1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	84
PID 2532 wrote to memory of 4708	2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	85
PID 2532 wrote to memory of 4708	2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	85
PID 2532 wrote to memory of 4708	2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	85
PID 5028 wrote to memory of 4452	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	86
PID 5028 wrote to memory of 4452	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	86
PID 5028 wrote to memory of 4452	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	86
PID 388 wrote to memory of 2444	388	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	87
PID 388 wrote to memory of 2444	388	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	87
PID 388 wrote to memory of 2444	388	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	87
PID 1900 wrote to memory of 1780	1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	89
PID 1900 wrote to memory of 1780	1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	89
PID 1900 wrote to memory of 1780	1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	89
PID 5028 wrote to memory of 2260	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	90
PID 5028 wrote to memory of 2260	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	90
PID 5028 wrote to memory of 2260	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	90
PID 4864 wrote to memory of 4916	4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	88
PID 4864 wrote to memory of 4916	4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	88
PID 4864 wrote to memory of 4916	4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	88
PID 2532 wrote to memory of 2624	2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	91
PID 2532 wrote to memory of 2624	2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	91
PID 2532 wrote to memory of 2624	2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	91
PID 3196 wrote to memory of 1236	3196	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	92
PID 3196 wrote to memory of 1236	3196	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	92
PID 3196 wrote to memory of 1236	3196	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	92
PID 4708 wrote to memory of 4740	4708	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	93
PID 4708 wrote to memory of 4740	4708	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	93
PID 4708 wrote to memory of 4740	4708	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	93
PID 4452 wrote to memory of 4592	4452	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	94
PID 4452 wrote to memory of 4592	4452	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	94
PID 4452 wrote to memory of 4592	4452	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	94
PID 2444 wrote to memory of 3712	2444	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	97
PID 2444 wrote to memory of 3712	2444	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	97
PID 2444 wrote to memory of 3712	2444	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	97
PID 388 wrote to memory of 3728	388	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	99
PID 388 wrote to memory of 3728	388	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	99
PID 388 wrote to memory of 3728	388	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	99
PID 1900 wrote to memory of 1896	1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	100
PID 1900 wrote to memory of 1896	1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	100
PID 1900 wrote to memory of 1896	1900	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	100
PID 4864 wrote to memory of 4064	4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	103
PID 4864 wrote to memory of 4064	4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	103
PID 4864 wrote to memory of 4064	4864	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	103
PID 2532 wrote to memory of 4528	2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	102
PID 2532 wrote to memory of 4528	2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	102
PID 2532 wrote to memory of 4528	2532	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	102
PID 5028 wrote to memory of 3492	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	101
PID 5028 wrote to memory of 3492	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	101
PID 5028 wrote to memory of 3492	5028	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	101
PID 4452 wrote to memory of 4720	4452	0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe	104

C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:388
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        8⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        8⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        8⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:11676
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12120
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:11736
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:12884
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12468
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:12136
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12328
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:11256
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:11776
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12420
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:11956
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:12160
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:14716
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:11200
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:9164
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:12196
- C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        7⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:11208
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:11712
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:12240
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12280
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:12188
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:11760
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:12180
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:12304
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:11300
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:9196
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:12600
- C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4452
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12064
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        6⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:8
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12368
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:12056
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:12152
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:11876
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:11392
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:9240
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:12248
- C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2260
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
        5⤵
        
        PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:12204
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:11588
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:11248
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:9224
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:12264
- C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
  2⤵
  PID:3492
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:12400
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
      4⤵
      PID:8352
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:9096
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:12144
- C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
  2⤵
  PID:3508
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:9940
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:12296
- C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
  2⤵
  PID:6368
- - C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
    3⤵
    PID:11224
- C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
  2⤵
  PID:9024
- C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0d07c6ae7c1186edd5d5bd6065cf36badfa3f882d3cdcfa5f47282d6a78c778a_NeikiAnalytics.exe"
  2⤵
  PID:11904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\german lingerie gay catfight .rar.exe

Filesize
1.3MB

MD5
3589a6a3ceecea0ae22bfd87f534a6ce

SHA1
3fa49dfed8f84015cf4255efeeeac3db3c5f8bea

SHA256
9cb8583a37e6eec4d80e0464bfc964b6c40312f99159dfa98c416051f5618867

SHA512
aab759b2f8bd651ad461e2b130eb1cdb0d81c070f597bb6beb4c1071aadce8ddaf2280969e7c226bbe3b7a521c1e031bfd9abc103d1048320b7c4a45341da503

Download Submit