4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5

Analysis

max time kernel
15s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Size

1.6MB
MD5

5cb84315084f9645923bb3ef8f2338e0
SHA1

a13ee818aff9f64b3ee38d0b977d64d1ae678857
SHA256

4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5
SHA512

a2a7968a618b77da474d214ec75a55133f6781e84b98149ab8e56c17a2e28e4a5cc07bf121cd90d96a93decfda8fe66347da9b05d9ef35bc360c302254585e5c
SSDEEP

49152:nafZ8co+MwdIsLotILKX2gf0/Wt5/U/qA+EUu:mP53dI+oGG0Wt6bH1

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/956-0-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/files/0x0009000000023411-5.dat	upx
behavioral2/memory/404-33-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4692-153-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4268-154-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1196-181-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1052-182-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3300-183-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2228-184-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1808-185-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/864-187-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1092-189-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/956-188-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1972-191-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/404-190-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1596-186-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4312-192-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3856-194-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4692-193-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4920-196-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4268-195-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4680-199-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3808-201-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1868-202-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3108-204-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3300-203-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1052-200-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1196-198-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2228-205-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1808-207-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4000-209-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3228-208-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4100-206-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4644-212-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/864-211-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1596-210-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3084-213-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/432-215-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1972-216-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4164-220-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4428-222-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4468-226-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1868-225-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3808-224-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4680-223-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3856-219-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4920-221-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/224-218-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4312-217-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/1092-214-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4232-229-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3108-228-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4100-232-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3040-235-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4000-234-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3132-239-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/544-238-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3084-237-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4644-236-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/3228-233-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/452-241-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/224-242-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/2512-245-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/4164-244-0x0000000000400000-0x0000000000456000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\E:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\N:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\W:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\G:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\I:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\J:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\M:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\O:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\T:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\K:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\U:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\V:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\X:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\A:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\H:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\L:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\P:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\R:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\S:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black porn bukkake [milf] feet boots .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian cumshot blowjob masturbation bondage .mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian porn beast several models titts young (Samantha).mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse big cock pregnant .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian cum bukkake [free] .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian cum beast masturbation high heels .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian beastiality beast sleeping glans penetration .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish beastiality sperm uncut titts .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish horse trambling hot (!) circumcision .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\trambling girls (Jade).mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian animal blowjob several models stockings .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\blowjob big bondage .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\danish action xxx big mature (Jenna,Janette).avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian gang bang lingerie masturbation feet circumcision .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\italian fetish xxx voyeur 40+ .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\sperm lesbian glans 50+ .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\italian gang bang xxx [bangbus] .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\american beastiality horse big blondie .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\beast uncut cock .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\cum lingerie lesbian cock girly .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\russian action bukkake masturbation (Karin).zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian porn trambling [milf] glans .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\tyrkish horse fucking catfight hotel .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese handjob lesbian girls .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese nude xxx [bangbus] hole mistress (Samantha).rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\lingerie voyeur ash .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling uncut 50+ .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\american action lesbian [free] hole .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\swedish kicking hardcore uncut boots (Sonja,Sarah).mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\russian gang bang trambling sleeping (Liz).avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\danish fetish fucking [bangbus] .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\indian action lingerie girls titts bondage (Sylvia).mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\asian horse voyeur .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\canadian bukkake girls boots (Sonja,Sylvia).avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\asian beast [bangbus] ejaculation .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\malaysia beast several models .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\blowjob big .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\cumshot horse masturbation YEâPSè& .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\handjob beast big titts hotel (Liz).zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\animal blowjob [free] hole traffic .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\swedish cum horse girls pregnant .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\american action trambling [bangbus] feet .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\brasilian nude fucking hidden .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\beast [milf] .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\swedish animal gay uncut .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\danish cum beast lesbian glans circumcision (Curtney).mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\gay several models glans (Anniston,Jade).mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\japanese porn lesbian licking hole lady (Janette).mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian nude lingerie [milf] sm .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\african trambling girls granny .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\black beastiality bukkake hidden glans ejaculation (Tatjana).zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\nude lingerie full movie glans .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\malaysia hardcore hot (!) YEâPSè& .mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\american handjob hardcore catfight glans (Sandy,Sarah).rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\black nude fucking uncut bedroom .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\gay uncut girly .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\lingerie sleeping feet sm .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\beast [bangbus] gorgeoushorny .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\swedish cumshot fucking full movie cock Ôï .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\xxx big traffic .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\lingerie voyeur young .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\asian bukkake hot (!) feet .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\security\templates\lingerie masturbation beautyfull .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\japanese beastiality xxx catfight feet .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\french hardcore [free] 40+ .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\horse fucking [bangbus] wifey (Sonja,Sarah).zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\italian nude bukkake public glans .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\british trambling girls cock .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\sperm [free] ejaculation .mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\trambling public ash .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lesbian public .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish horse lesbian voyeur hairy .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\horse horse public upskirt .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\gang bang trambling hot (!) .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\beast sleeping sm .mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\african beast voyeur titts beautyfull .mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\russian nude hardcore [bangbus] (Sylvia).avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\german trambling several models feet shoes .mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\chinese fucking girls .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\asian bukkake [bangbus] swallow .rar.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\canadian hardcore hidden sm .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\fucking [milf] .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\malaysia gay girls Ôï (Britney,Tatjana).zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\beast several models .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\danish fetish blowjob [milf] hole hairy .mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\african beast big .mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\danish nude horse uncut .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\american nude xxx big glans .mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\norwegian horse full movie hole latex .mpg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\porn fucking [bangbus] redhair .avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian nude lingerie public feet .zip.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\malaysia horse uncut (Janette).avi.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\cum hardcore lesbian young (Ashley,Jade).mpeg.exe	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1052	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1052	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1196	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1196	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
3300	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
3300	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
2228	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
2228	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1808	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1808	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1596	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1596	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1052	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1052	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
864	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
864	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1092	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1092	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1972	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1972	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4312	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4312	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1196	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1196	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
3856	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
3856	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4920	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
4920	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
3300	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
3300	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
2228	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
2228	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1052	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
1052	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 404	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	81
PID 956 wrote to memory of 404	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	81
PID 956 wrote to memory of 404	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	81
PID 404 wrote to memory of 4692	404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	82
PID 404 wrote to memory of 4692	404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	82
PID 404 wrote to memory of 4692	404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	82
PID 956 wrote to memory of 4268	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	83
PID 956 wrote to memory of 4268	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	83
PID 956 wrote to memory of 4268	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	83
PID 404 wrote to memory of 1196	404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	84
PID 404 wrote to memory of 1196	404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	84
PID 404 wrote to memory of 1196	404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	84
PID 4692 wrote to memory of 1052	4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	85
PID 4692 wrote to memory of 1052	4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	85
PID 4692 wrote to memory of 1052	4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	85
PID 956 wrote to memory of 3300	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	86
PID 956 wrote to memory of 3300	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	86
PID 956 wrote to memory of 3300	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	86
PID 4268 wrote to memory of 2228	4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	87
PID 4268 wrote to memory of 2228	4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	87
PID 4268 wrote to memory of 2228	4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	87
PID 1052 wrote to memory of 1808	1052	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	89
PID 1052 wrote to memory of 1808	1052	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	89
PID 1052 wrote to memory of 1808	1052	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	89
PID 4692 wrote to memory of 1596	4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	88
PID 4692 wrote to memory of 1596	4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	88
PID 4692 wrote to memory of 1596	4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	88
PID 404 wrote to memory of 864	404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	90
PID 404 wrote to memory of 864	404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	90
PID 404 wrote to memory of 864	404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	90
PID 956 wrote to memory of 1092	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	91
PID 956 wrote to memory of 1092	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	91
PID 956 wrote to memory of 1092	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	91
PID 1196 wrote to memory of 1972	1196	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	93
PID 1196 wrote to memory of 1972	1196	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	93
PID 1196 wrote to memory of 1972	1196	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	93
PID 4268 wrote to memory of 4312	4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	92
PID 4268 wrote to memory of 4312	4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	92
PID 4268 wrote to memory of 4312	4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	92
PID 3300 wrote to memory of 3856	3300	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	94
PID 3300 wrote to memory of 3856	3300	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	94
PID 3300 wrote to memory of 3856	3300	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	94
PID 2228 wrote to memory of 4920	2228	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	95
PID 2228 wrote to memory of 4920	2228	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	95
PID 2228 wrote to memory of 4920	2228	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	95
PID 1052 wrote to memory of 4680	1052	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	97
PID 1052 wrote to memory of 4680	1052	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	97
PID 1052 wrote to memory of 4680	1052	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	97
PID 4692 wrote to memory of 3808	4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	96
PID 4692 wrote to memory of 3808	4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	96
PID 4692 wrote to memory of 3808	4692	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	96
PID 404 wrote to memory of 1868	404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	98
PID 404 wrote to memory of 1868	404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	98
PID 404 wrote to memory of 1868	404	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	98
PID 956 wrote to memory of 3108	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	99
PID 956 wrote to memory of 3108	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	99
PID 956 wrote to memory of 3108	956	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	99
PID 1196 wrote to memory of 4100	1196	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	100
PID 1196 wrote to memory of 4100	1196	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	100
PID 1196 wrote to memory of 4100	1196	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	100
PID 4268 wrote to memory of 3228	4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	101
PID 4268 wrote to memory of 3228	4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	101
PID 4268 wrote to memory of 3228	4268	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	101
PID 3300 wrote to memory of 4000	3300	4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe	103

C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:956
- C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        8⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        8⤵
        
        PID:18572
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        8⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:18516
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        8⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:19244
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:15864
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:15960
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12816
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:18984
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:18484
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:19264
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:18564
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:18500
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:17820
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16628
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:18540
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:6584
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:18660
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:16572
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12232
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:17592
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16508
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12744
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:19232
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:864
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:17672
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:452
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:18508
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:17828
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16548
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12400
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:16604
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:15024
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12464
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:17616
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:19424
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:6536
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:16520
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:12760
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:18556
- C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4268
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:17792
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:18612
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16652
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:18588
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16620
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:17784
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16636
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:10692
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12240
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:16164
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:19272
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:18548
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:10516
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:16036
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:16708
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:8048
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:12792
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:17608
- C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3300
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        7⤵
        
        PID:16228
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16480
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:19408
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:18580
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:16488
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16556
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:16588
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12648
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:18492
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:14580
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:7336
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:12696
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:6208
- C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1092
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:432
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        6⤵
        
        PID:15636
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:16564
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:15888
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12256
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:17600
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:16660
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:14692
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:8112
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:12736
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:18524
- C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
  2⤵
  PID:3108
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
        5⤵
        
        PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:16752
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:6508
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
      4⤵
      PID:15628
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:12440
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:17836
- C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
  2⤵
  PID:888
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:8024
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:12728
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:18532
- C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
  2⤵
  PID:6232
- - C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
    3⤵
    PID:15616
- C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
  2⤵
  PID:7284
- C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
  2⤵
  PID:12680
- C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\4e8fd18363c81775a037f8549c4280b7676277149d0532e1dd9750fc4d2b47b5_NeikiAnalytics.exe"
  2⤵
  PID:17584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese handjob lesbian girls .zip.exe

Filesize
1.2MB

MD5
5fdd7b313cf4355848eb5dd1d76592e0

SHA1
0daa2ab6e3f0936ed26d0d2aedaca189127a7c99

SHA256
c7fbbf1416220504baa11635bac634b7688cf25ecffe6e9c5fbea8bd3137bd9c

SHA512
cfa3b0aa0a0122d4bcd3110c969b4554da974f8a8f40361a942d85e8fe2ba7dcba56a5b0f1901b7a5f2129ac1bff777c3339e48b85ded5e981dc5e998a2378e8

Download Submit
C:\debug.txt

Filesize
146B

MD5
068bc148cee9d62b2b1f7aed354cd115

SHA1
a2035f185d17aac4cf7ba80933198c07a400c24b

SHA256
fef3dcaf36ceb655e277479b413f9f0ff9abe06f0c14be688e01fb743265f3d7

SHA512
8c6da162882a539f0541ec470e1b352ff4e644791b4465ea01592635a9bd9f21cbf8f17e58821951f5f8e71497af6007afef8dbf3c146ba7d1dd8d244b436892

Download Submit
memory/224-242-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/224-218-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/404-33-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/404-190-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/432-215-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/432-240-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/452-279-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/452-241-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/464-243-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/544-238-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/544-272-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/864-187-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/864-211-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/888-253-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/956-0-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/956-188-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1052-182-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1052-200-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1092-214-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1092-189-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1196-181-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1196-198-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1596-210-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1596-186-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1808-207-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1808-185-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1868-202-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1868-225-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1972-216-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1972-191-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2228-205-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2228-184-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2492-251-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2512-245-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2680-250-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2944-248-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3040-269-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3040-235-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3084-213-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3084-237-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3108-204-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3108-228-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3132-273-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3132-239-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3228-233-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3228-208-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3300-203-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3300-183-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3808-224-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3808-201-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3856-194-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3856-219-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4000-234-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4000-209-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4072-247-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4080-252-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4100-206-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4100-232-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4164-220-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4164-244-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4232-261-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4232-229-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4268-195-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4268-154-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4312-217-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4312-192-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4428-222-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4428-246-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4468-226-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4468-258-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4504-254-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4644-236-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4644-212-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4680-199-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4680-223-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4692-193-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4692-153-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4920-221-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/4920-196-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5004-249-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5136-259-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5420-262-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5428-266-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5436-263-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5444-267-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5452-264-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5460-265-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5568-268-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5616-270-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5628-271-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5712-278-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5724-274-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5732-275-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5792-276-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5800-277-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5964-280-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download