1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d

Analysis

max time kernel
13s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Size

387KB
MD5

5458286299f771ed154e683e84780ca0
SHA1

bd6744199500101d1a4eae05e10bf5a4a3ba5bcb
SHA256

1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d
SHA512

6b85f7b2e9b5049068af34ef916976008e6bada5325e4747bbd2f5b5bc4ebd47f19eca7ab3bf07b2475e5961be28b97f1108b6ca776cbdbce9a795ea7e6cd70f
SSDEEP

6144:dXC4vgmhbIxs3NBREEk4RvNCMeSng3QMQuKmnsV87ibPLFjDG3k4vXsjWbTO:dXCNi9BaEzHw3XMM2wupCvXHvO

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 17 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\A:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\B:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\G:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\H:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\K:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\M:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\O:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\W:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\L:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\P:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\T:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\E:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\I:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\J:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\N:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\V:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\R:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\S:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\U:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File opened (read-only)	\??\X:	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore masturbation feet .mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian gang bang beast licking boots .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\tyrkish cum gay sleeping mature .mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie public .mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish horse hardcore girls lady .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese animal bukkake [bangbus] cock ejaculation (Melissa).rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish cumshot gay big feet .mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\italian nude beast [free] cock .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\trambling several models femdom (Sonja,Janette).mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian cum lingerie several models (Sylvia).mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse voyeur titts .mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\bukkake sleeping feet swallow .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\japanese gang bang lesbian hot (!) (Tatjana).mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\russian kicking bukkake big stockings .mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\trambling uncut glans .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish animal lesbian masturbation 40+ .mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\sperm hot (!) titts (Anniston,Sarah).zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\lingerie [free] boots .mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\horse public hole ash .mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\bukkake public (Karin).mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\black handjob sperm voyeur .mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\tyrkish animal fucking full movie blondie .zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\japanese handjob trambling several models titts .zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\brasilian cum lingerie hidden cock .zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\blowjob several models circumcision .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\fucking hot (!) .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fetish horse catfight ash (Ashley,Samantha).rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\italian porn blowjob voyeur young .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\italian handjob beast full movie latex .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish fetish lesbian public hole mature .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\kicking horse licking balls .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\gay hot (!) YEâPSè& .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\malaysia blowjob big .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\norwegian hardcore catfight fishy .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\kicking lesbian licking boots .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\horse [bangbus] cock (Jenna,Samantha).mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\american kicking sperm lesbian .mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\porn trambling public feet .zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\cum lesbian licking .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\cum bukkake several models .zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\kicking hardcore voyeur (Janette).mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\lingerie [free] feet .zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\tyrkish kicking blowjob hidden bedroom .zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\horse public .mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\nude horse catfight cock young (Sarah).avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\blowjob hidden .zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\animal gay voyeur cock bedroom (Tatjana).rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\african hardcore hot (!) .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\russian animal gay masturbation shoes .mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\animal sperm big .zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\gang bang lesbian several models (Liz).mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian porn xxx voyeur (Janette).mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\american animal beast hidden titts leather (Samantha).zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian fetish xxx voyeur .zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\swedish handjob lesbian hot (!) titts swallow .mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\spanish beast full movie redhair .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\french beast [bangbus] hole (Sonja,Sylvia).mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\blowjob several models shoes (Kathrin,Janette).mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\african beast [milf] cock .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\kicking trambling [milf] shoes .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\chinese fucking sleeping feet .zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\gang bang sperm [bangbus] .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\norwegian fucking [milf] cock (Ashley,Liz).mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\asian fucking catfight feet (Sonja,Sylvia).avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\malaysia fucking [free] cock redhair (Samantha).rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\asian xxx full movie glans .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\hardcore catfight YEâPSè& .mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\handjob lesbian hot (!) .mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\hardcore uncut femdom .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american horse bukkake hot (!) .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\german sperm uncut glans black hairunshaved (Janette).avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\american fetish xxx lesbian .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\beastiality lesbian hot (!) titts (Christine,Sarah).avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\japanese nude horse [bangbus] cock ejaculation .mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\canadian fucking masturbation sm .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\blowjob sleeping balls .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\trambling several models .mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\malaysia lesbian public .mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\russian beastiality hardcore sleeping .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\danish beastiality bukkake public .mpg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\danish beastiality sperm big hole pregnant (Sylvia).avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\malaysia fucking girls (Melissa).avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\american gang bang beast [milf] feet penetration .zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\security\templates\italian cumshot blowjob several models .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\african trambling girls cock young .rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\kicking lingerie full movie feet (Jenna,Melissa).rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\beast big .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian big glans high heels (Jade).avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\gay voyeur cock castration .avi.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\brasilian cum sperm girls bedroom .mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\swedish fetish sperm uncut Ôï (Anniston,Sylvia).rar.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\horse uncut (Sylvia).zip.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\russian handjob lesbian [milf] titts leather .mpeg.exe	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
3540	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
3540	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2212	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2212	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2136	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2136	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
3252	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
3252	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4548	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4548	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
3196	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
3196	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4436	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4436	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
3540	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2252	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
3540	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2252	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
816	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
816	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2016	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2016	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2212	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2212	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
3836	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
3836	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4604	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
4604	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
3252	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
3252	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2136	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
2136	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
5044	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
5044	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 4956	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	81
PID 2972 wrote to memory of 4956	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	81
PID 2972 wrote to memory of 4956	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	81
PID 2972 wrote to memory of 392	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	82
PID 2972 wrote to memory of 392	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	82
PID 2972 wrote to memory of 392	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	82
PID 4956 wrote to memory of 624	4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	83
PID 4956 wrote to memory of 624	4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	83
PID 4956 wrote to memory of 624	4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	83
PID 2972 wrote to memory of 2212	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	84
PID 2972 wrote to memory of 2212	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	84
PID 2972 wrote to memory of 2212	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	84
PID 4956 wrote to memory of 3540	4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	85
PID 4956 wrote to memory of 3540	4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	85
PID 4956 wrote to memory of 3540	4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	85
PID 392 wrote to memory of 2136	392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	86
PID 392 wrote to memory of 2136	392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	86
PID 392 wrote to memory of 2136	392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	86
PID 624 wrote to memory of 3252	624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	87
PID 624 wrote to memory of 3252	624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	87
PID 624 wrote to memory of 3252	624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	87
PID 2972 wrote to memory of 4548	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	88
PID 2972 wrote to memory of 4548	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	88
PID 2972 wrote to memory of 4548	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	88
PID 4956 wrote to memory of 3196	4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	89
PID 4956 wrote to memory of 3196	4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	89
PID 4956 wrote to memory of 3196	4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	89
PID 3540 wrote to memory of 2252	3540	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	90
PID 3540 wrote to memory of 2252	3540	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	90
PID 3540 wrote to memory of 2252	3540	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	90
PID 392 wrote to memory of 4436	392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	91
PID 392 wrote to memory of 4436	392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	91
PID 392 wrote to memory of 4436	392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	91
PID 624 wrote to memory of 816	624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	92
PID 624 wrote to memory of 816	624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	92
PID 624 wrote to memory of 816	624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	92
PID 2212 wrote to memory of 2016	2212	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	93
PID 2212 wrote to memory of 2016	2212	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	93
PID 2212 wrote to memory of 2016	2212	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	93
PID 3252 wrote to memory of 3836	3252	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	94
PID 3252 wrote to memory of 3836	3252	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	94
PID 3252 wrote to memory of 3836	3252	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	94
PID 2136 wrote to memory of 4604	2136	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	95
PID 2136 wrote to memory of 4604	2136	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	95
PID 2136 wrote to memory of 4604	2136	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	95
PID 2972 wrote to memory of 5044	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	96
PID 2972 wrote to memory of 5044	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	96
PID 2972 wrote to memory of 5044	2972	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	96
PID 4548 wrote to memory of 4752	4548	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	97
PID 4548 wrote to memory of 4752	4548	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	97
PID 4548 wrote to memory of 4752	4548	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	97
PID 4956 wrote to memory of 1180	4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	98
PID 4956 wrote to memory of 1180	4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	98
PID 4956 wrote to memory of 1180	4956	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	98
PID 392 wrote to memory of 3016	392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	99
PID 392 wrote to memory of 3016	392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	99
PID 392 wrote to memory of 3016	392	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	99
PID 3540 wrote to memory of 5072	3540	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	100
PID 3540 wrote to memory of 5072	3540	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	100
PID 3540 wrote to memory of 5072	3540	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	100
PID 2212 wrote to memory of 2184	2212	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	102
PID 2212 wrote to memory of 2184	2212	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	102
PID 2212 wrote to memory of 2184	2212	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	102
PID 624 wrote to memory of 4168	624	1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe	101

C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4956
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:624
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        7⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        7⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        7⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        7⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        7⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12136
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        7⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12724
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12376
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12432
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:10188
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12168
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12644
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12564
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12184
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12268
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12408
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12416
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:6948
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:10384
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:12160
- C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:392
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        7⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12192
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:15136
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12240
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12748
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:15288
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12200
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12652
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12480
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12100
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12368
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12716
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12472
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:7076
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:13172
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:12208
- C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2212
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12684
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12304
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12224
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12108
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:9448
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12400
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12740
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:6900
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:9836
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:12084
- C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4548
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        6⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12464
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:15144
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12248
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:12328
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12676
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12280
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:6972
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:9580
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:12264
- C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
        5⤵
        
        PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12668
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
      4⤵
      PID:12320
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:7012
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:10068
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:12176
- C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
  2⤵
  PID:1228
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:6704
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:9084
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:12344
- C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
  2⤵
  PID:5228
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:9408
- - C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
    3⤵
    PID:12392
- C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
  2⤵
  PID:6964
- C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
  2⤵
  PID:10284
- C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\1ee786d92d4527fd9f30ad20edc75734d96d9aa27138eddaf2ab20d2fbb2b99d_NeikiAnalytics.exe"
  2⤵
  PID:12152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish animal lesbian masturbation 40+ .mpg.exe

Filesize
1.4MB

MD5
206d4f7aa3432919bdedd11f8ca0bdd8

SHA1
a487cb8859bdd1a5b260012023f602584d04aeb4

SHA256
a4cc2bd5ee773260f22d4236c7e4750c8a559db4a022057851af815961fc2d48

SHA512
9c8f7977c309544f466573db2b033c8a2dd42c2c1197d9378b3a5839906af078e995e73777a67c94f75c5d2082572a8474ffe70e745a5d24435a5bdad94176e9

Download Submit