6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313

Analysis

max time kernel
16s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Size

689KB
MD5

763dd6d5d550ebfc7f3270f1505a9960
SHA1

652870efed555125e3f97263c08d00a65107e447
SHA256

6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313
SHA512

ff8589591fcdad2d0bc1615b5f17814499db42581ca439fc579be1be8ae66f4a604785b3bf2e9838dac15f9e6402ce8692ddcf6c3fc2466ecc96a2a131b37ca5
SSDEEP

12288:OWji9BspKvTc2+gi2pBQqTpornB8s7yjxkw2cM2pq1p5YfFP:Csp4ThLnhporCs8k3Epq1p5aP

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\A:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\B:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\J:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\S:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\T:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\H:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\I:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\L:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\O:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\W:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\G:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\K:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\M:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\N:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\P:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\U:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\V:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\X:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\E:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File opened (read-only)	\??\R:	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian horse fucking full movie sm .mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese action lesbian hot (!) cock femdom .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fucking catfight 50+ (Christine,Melissa).rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese beastiality lesbian [free] .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beast sleeping hole (Sonja,Melissa).mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish handjob horse full movie sweet .zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\beast hidden .mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\american fetish blowjob uncut high heels (Kathrin,Karin).zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\action trambling [free] .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\japanese handjob bukkake lesbian cock .mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese gang bang bukkake voyeur titts .mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish nude beast voyeur titts .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\bukkake big mistress .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american porn bukkake public gorgeoushorny .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\american fetish beast masturbation feet (Sonja,Curtney).mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\fucking sleeping shower .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\bukkake public gorgeoushorny .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\lesbian full movie mature .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\sperm [free] Ôï .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\lesbian hot (!) black hairunshaved .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie hot (!) .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\bukkake several models 40+ .mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\italian cumshot lesbian catfight 50+ .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\fucking full movie granny (Sonja,Sylvia).mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\sperm [free] titts 50+ .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\danish porn blowjob hot (!) .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\bukkake [free] glans .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian handjob fucking uncut hole (Sonja,Samantha).mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\beastiality xxx lesbian mistress (Ashley,Melissa).mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\trambling girls ,Ó .zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\black beastiality lingerie hidden YEâPSè& .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\norwegian sperm lesbian .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\american porn blowjob [milf] .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\indian cumshot fucking lesbian bedroom .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\danish cum horse hidden hairy (Christine,Curtney).rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\nude blowjob catfight Ôï .mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\xxx masturbation .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\black horse lesbian hidden .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\tyrkish nude bukkake [milf] cock swallow .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\japanese cumshot xxx [free] blondie .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\asian horse public (Sylvia).zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\cumshot blowjob uncut hole .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\cum sperm full movie .zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\british gay full movie .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\italian cum xxx girls balls .mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\swedish handjob lingerie public tß .mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\hardcore voyeur hole hairy (Curtney).zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\french lesbian [milf] hole Ôï .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\russian fetish fucking public .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\cum xxx hidden hole lady (Tatjana).zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american kicking fucking voyeur fishy .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\swedish animal beast hot (!) YEâPSè& .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\chinese hardcore catfight (Liz).rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\action sperm big mistress (Gina,Sarah).mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\hardcore [milf] femdom .mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\russian handjob horse several models (Melissa).mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\danish kicking fucking [free] young .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\animal blowjob uncut traffic (Britney,Liz).rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\tyrkish handjob lesbian hot (!) femdom .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\malaysia beast catfight (Samantha).mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\italian cum bukkake several models circumcision .zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\fetish lesbian licking leather .zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\norwegian blowjob several models (Jade).rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\fetish xxx hot (!) (Curtney).zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\malaysia lesbian voyeur boots .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\canadian beast big .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\malaysia bukkake hidden .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\british sperm uncut .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\beastiality trambling hot (!) (Sarah).zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\beast catfight sweet .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\cumshot bukkake full movie mistress .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\russian fetish hardcore several models titts balls .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\danish kicking gay hidden young .zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\handjob fucking big feet fishy .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\beast uncut YEâPSè& .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\danish cumshot bukkake [milf] femdom .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\norwegian blowjob girls titts (Sandy,Tatjana).avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\cumshot xxx several models (Sarah).rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\canadian horse voyeur cock .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\blowjob catfight .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\trambling sleeping hole stockings .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\african beast full movie hole hotel (Sarah).avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\african beast lesbian cock .rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\horse xxx voyeur glans .zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\beastiality beast hidden .avi.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\brasilian handjob trambling girls .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\german bukkake [free] circumcision .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\japanese handjob lesbian sleeping shoes (Jenna,Sarah).rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\horse full movie feet hairy (Liz).rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\swedish kicking bukkake several models feet penetration .mpeg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\german lesbian [free] glans mature (Jade).mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie [bangbus] (Samantha).rar.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\hardcore voyeur penetration (Kathrin,Jade).zip.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\british lesbian sleeping swallow (Sandy,Sylvia).mpg.exe	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
4996	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
4996	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1392	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1392	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
2308	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
2308	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3092	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3092	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1600	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1600	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1228	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1432	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1228	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1432	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3988	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3988	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1720	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1720	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
2956	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
2956	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3832	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3832	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
4996	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
4996	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
2308	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
2308	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1392	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
1392	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3700	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3700	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3092	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
3092	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
4792	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
4792	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 1340	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	81
PID 5044 wrote to memory of 1340	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	81
PID 5044 wrote to memory of 1340	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	81
PID 5044 wrote to memory of 1812	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	86
PID 5044 wrote to memory of 1812	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	86
PID 5044 wrote to memory of 1812	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	86
PID 1340 wrote to memory of 3696	1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	87
PID 1340 wrote to memory of 3696	1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	87
PID 1340 wrote to memory of 3696	1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	87
PID 1812 wrote to memory of 4996	1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	88
PID 1812 wrote to memory of 4996	1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	88
PID 1812 wrote to memory of 4996	1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	88
PID 5044 wrote to memory of 1392	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	89
PID 5044 wrote to memory of 1392	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	89
PID 5044 wrote to memory of 1392	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	89
PID 1340 wrote to memory of 2308	1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	90
PID 1340 wrote to memory of 2308	1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	90
PID 1340 wrote to memory of 2308	1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	90
PID 3696 wrote to memory of 3092	3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	91
PID 3696 wrote to memory of 3092	3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	91
PID 3696 wrote to memory of 3092	3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	91
PID 5044 wrote to memory of 3988	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	93
PID 5044 wrote to memory of 3988	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	93
PID 5044 wrote to memory of 3988	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	93
PID 1812 wrote to memory of 1600	1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	94
PID 1812 wrote to memory of 1600	1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	94
PID 1812 wrote to memory of 1600	1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	94
PID 1340 wrote to memory of 1228	1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	95
PID 1340 wrote to memory of 1228	1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	95
PID 1340 wrote to memory of 1228	1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	95
PID 3696 wrote to memory of 1432	3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	96
PID 3696 wrote to memory of 1432	3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	96
PID 3696 wrote to memory of 1432	3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	96
PID 1392 wrote to memory of 1720	1392	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	98
PID 1392 wrote to memory of 1720	1392	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	98
PID 1392 wrote to memory of 1720	1392	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	98
PID 2308 wrote to memory of 2956	2308	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	97
PID 2308 wrote to memory of 2956	2308	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	97
PID 2308 wrote to memory of 2956	2308	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	97
PID 4996 wrote to memory of 3832	4996	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	99
PID 4996 wrote to memory of 3832	4996	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	99
PID 4996 wrote to memory of 3832	4996	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	99
PID 3092 wrote to memory of 3700	3092	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	100
PID 3092 wrote to memory of 3700	3092	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	100
PID 3092 wrote to memory of 3700	3092	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	100
PID 5044 wrote to memory of 2368	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	104
PID 5044 wrote to memory of 2368	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	104
PID 5044 wrote to memory of 2368	5044	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	104
PID 1340 wrote to memory of 3204	1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	106
PID 1340 wrote to memory of 3204	1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	106
PID 1340 wrote to memory of 3204	1340	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	106
PID 1812 wrote to memory of 4792	1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	102
PID 1812 wrote to memory of 4792	1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	102
PID 1812 wrote to memory of 4792	1812	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	102
PID 3696 wrote to memory of 2292	3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	105
PID 3696 wrote to memory of 2292	3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	105
PID 3696 wrote to memory of 2292	3696	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	105
PID 3988 wrote to memory of 8	3988	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	107
PID 3988 wrote to memory of 8	3988	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	107
PID 3988 wrote to memory of 8	3988	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	107
PID 1228 wrote to memory of 3588	1228	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	109
PID 1228 wrote to memory of 3588	1228	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	109
PID 1228 wrote to memory of 3588	1228	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	109
PID 4996 wrote to memory of 1256	4996	6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe	110

C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1340
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        8⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        8⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        8⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        8⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16264
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:648
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:11456
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:15900
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:784
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16328
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:13884
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:11932
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:16096
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:15512
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16008
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:12068
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:16080
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:15472
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:12932
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:16016
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:15876
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:12268
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:5164
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:9044
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:12380
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:7908
- C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1812
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:15976
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16296
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:13268
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:8460
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:11620
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:15484
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:11544
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16144
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:16128
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:16152
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:9372
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:12396
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:15836
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:13876
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:15820
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:9020
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:12372
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:4944
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:4844
- C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1392
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:15460
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        6⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:11512
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:16136
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16272
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:17104
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:15884
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:572
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:15812
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:11536
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:15892
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:8764
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:11980
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:16088
- C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3988
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:8
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:15960
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
        5⤵
        
        PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:9528
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:16024
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:16040
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:1324
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:8836
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:12084
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:15908
- C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
  2⤵
  PID:2368
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:13072
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:4644
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:15476
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:17740
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:10660
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:16288
- C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
  2⤵
  PID:2352
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:11772
  - - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
      4⤵
      PID:2052
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:8728
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:11948
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:264
- C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
  2⤵
  PID:6336
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:11688
- - C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
    3⤵
    PID:2176
- C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
  2⤵
  PID:8744
- C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
  2⤵
  PID:12048
- C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\6550ca547134c9612e11eed88658933ef654bdb4c43d38bca9af0d315a91b313_NeikiAnalytics.exe"
  2⤵
  PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\american fetish beast masturbation feet (Sonja,Curtney).mpg.exe

Filesize
1.3MB

MD5
bb90a5b4abbedbe4847d6432e0a38242

SHA1
264fa2fad49984f74417540b142047410d02a04b

SHA256
39a370c14a0adaff1ff57388cf82f4b6ac81fb418b6b18cc4cec52689b5b8ac6

SHA512
c654f04a47a96b414cd57bf92ceef35044d3ca38ba900dc48b1820feac23a4cde2aec2d08f0b60e40b54f8323103fb2fec6863dbf15a60a556a0852ed6669f89

Download Submit
C:\debug.txt

Filesize
146B

MD5
4077f70fd9d893ea000b7470f544cf7b

SHA1
6fb3ce4bacfc1ea28eaaf22efd68e8f4f9547f1f

SHA256
50f72725b837600c9705d2ec9cbc82c141f4e112077ba621a3eeac2cfc6b2fe7

SHA512
6d06f2afd49d26b241abe4bdbd5457fb2d8b18a95a23e60e23a67a7d8a00d2c453d38ff602a38dc8a056b6176dffbf71f158767638389963babb64249e92f46f

Download Submit