0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e

Analysis

max time kernel
11s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
Size

1.1MB
MD5

051949c48009e4f684baa27c0a7b56a0
SHA1

460162b65b3715d31bad490a3ed11f221931e40a
SHA256

0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e
SHA512

176f97051e7c00591e637fa5e7d1ccff246427550d3ad5c7d1aafbc18229c34120e71e244b91b462886e02c48ba9b415b78d978bf1ef838b3149d00ee9fdc424
SSDEEP

24576:oW32IEhEsucztBnEDaoey7Ds5ljT4aAL8/1ubO:V32fCNc5BEO87DsjjT4a51ubO

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 12 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\V:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\G:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\L:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\N:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\P:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\R:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\I:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\O:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\S:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\T:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\W:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\A:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\B:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\J:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\M:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\X:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\E:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\H:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\K:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\spanish hardcore [free] gorgeoushorny .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black beast full movie pregnant .avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black handjob cumshot licking .zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore beastiality full movie boobs pregnant .avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse full movie 50+ .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\hardcore masturbation titts .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\british cum kicking hidden wifey .zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\lingerie big black hairunshaved .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lesbian masturbation leather .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\fetish beast lesbian .zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian horse public boobs bondage .zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake beastiality full movie titts sm .avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe

Drops file in Program Files directory 20 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\gay bukkake [milf] lady .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\indian kicking gang bang [free] upskirt .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\french cum catfight glans stockings .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUA671.tmp\bukkake animal hot (!) upskirt (Sylvia,Sandy).mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\brasilian cum bukkake sleeping cock blondie (Melissa).mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\fetish fucking girls balls .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\handjob gang bang girls (Sonja,Jade).zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\xxx hidden .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\norwegian trambling catfight nipples latex .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\canadian handjob fucking hot (!) circumcision .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\asian kicking sperm uncut .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish beastiality several models ash boots .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish lingerie handjob sleeping .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\blowjob several models .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake fucking full movie boots .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\malaysia cumshot beastiality several models nipples hairy (Kathrin,Sylvia).avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\chinese trambling hot (!) hole .zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\lingerie [milf] hole circumcision .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\american xxx lesbian nipples black hairunshaved (Sonja).mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFD7095D-03FC-4A5C-948B-20FAB1B69302}\EDGEMITMP_4CFFA.tmp\russian fetish cum girls mistress .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe

Drops file in Windows directory 53 IoCs

description	ioc	Process
File created	C:\Windows\Downloaded Program Files\black beast voyeur shower .avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\spanish cum action full movie bondage .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\danish lingerie voyeur titts (Curtney).rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\sperm full movie .zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\chinese beast hot (!) sm .avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian cumshot big redhair .zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\norwegian gang bang cum uncut .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\japanese nude beastiality hot (!) (Sonja).zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\sperm sleeping ash .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\sperm porn hot (!) YEâPSè& .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\lingerie full movie vagina (Britney,Samantha).mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\italian horse public hotel .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\norwegian animal [free] cock femdom (Sonja,Gina).zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\security\templates\nude beast public .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\lingerie gay hidden boobs 40+ .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\porn cumshot [bangbus] legs .avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\horse xxx uncut glans sweet (Britney).zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\american lesbian gang bang hot (!) .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\action full movie .avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\brasilian nude bukkake sleeping .zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gay sleeping .avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\african horse porn girls mistress .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\beast gang bang full movie ejaculation .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\animal [free] YEâPSè& .zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\cumshot hot (!) .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\cum [bangbus] ejaculation .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\action blowjob sleeping .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\gay hardcore several models legs .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\swedish xxx catfight shower .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\indian xxx porn [bangbus] hairy (Sarah).avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\tyrkish horse beast lesbian feet .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\danish trambling beastiality [free] titts .zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\canadian porn lesbian boobs .avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american beast voyeur cock .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\spanish hardcore lesbian hidden titts (Sonja,Britney).mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\american horse trambling [bangbus] boots .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\chinese kicking lesbian sleeping 50+ .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\african beastiality several models ash circumcision (Sandy,Sylvia).avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\blowjob several models bedroom .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\bukkake cum uncut glans .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\danish porn voyeur lady .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\russian porn sperm voyeur girly .rar.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\indian trambling full movie cock .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\porn fucking catfight titts ejaculation .avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\malaysia beastiality gay full movie boobs YEâPSè& .mpg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\italian fetish catfight hairy (Ashley).avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\japanese cumshot full movie ash (Melissa).zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish cumshot beast lesbian nipples bondage .zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\canadian porn [bangbus] .avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\sperm animal licking .mpeg.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\sperm beast [bangbus] YEâPSè& .zip.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\norwegian beastiality porn public .avi.exe	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4652	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4652	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4656	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4656	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
3968	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
3968	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
1096	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
1096	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
2496	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
2496	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
100	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
100	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4652	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4652	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4004	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4004	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
2032	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
2032	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
3208	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
3208	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4656	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4656	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
1412	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
1412	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
2100	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
2100	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
3968	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
3968	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4956	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
4956	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
1096	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
1096	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 816	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	93
PID 752 wrote to memory of 816	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	93
PID 752 wrote to memory of 816	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	93
PID 816 wrote to memory of 4248	816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	95
PID 816 wrote to memory of 4248	816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	95
PID 816 wrote to memory of 4248	816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	95
PID 752 wrote to memory of 3928	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	96
PID 752 wrote to memory of 3928	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	96
PID 752 wrote to memory of 3928	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	96
PID 816 wrote to memory of 4652	816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	98
PID 816 wrote to memory of 4652	816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	98
PID 816 wrote to memory of 4652	816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	98
PID 752 wrote to memory of 4656	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	99
PID 752 wrote to memory of 4656	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	99
PID 752 wrote to memory of 4656	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	99
PID 3928 wrote to memory of 1096	3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	100
PID 3928 wrote to memory of 1096	3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	100
PID 3928 wrote to memory of 1096	3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	100
PID 4248 wrote to memory of 3968	4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	101
PID 4248 wrote to memory of 3968	4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	101
PID 4248 wrote to memory of 3968	4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	101
PID 816 wrote to memory of 2496	816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	102
PID 816 wrote to memory of 2496	816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	102
PID 816 wrote to memory of 2496	816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	102
PID 4652 wrote to memory of 100	4652	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	103
PID 4652 wrote to memory of 100	4652	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	103
PID 4652 wrote to memory of 100	4652	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	103
PID 752 wrote to memory of 4004	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	104
PID 752 wrote to memory of 4004	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	104
PID 752 wrote to memory of 4004	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	104
PID 3928 wrote to memory of 2032	3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	105
PID 3928 wrote to memory of 2032	3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	105
PID 3928 wrote to memory of 2032	3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	105
PID 4656 wrote to memory of 3208	4656	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	106
PID 4656 wrote to memory of 3208	4656	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	106
PID 4656 wrote to memory of 3208	4656	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	106
PID 4248 wrote to memory of 1412	4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	107
PID 4248 wrote to memory of 1412	4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	107
PID 4248 wrote to memory of 1412	4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	107
PID 3968 wrote to memory of 2100	3968	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	108
PID 3968 wrote to memory of 2100	3968	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	108
PID 3968 wrote to memory of 2100	3968	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	108
PID 1096 wrote to memory of 4956	1096	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	109
PID 1096 wrote to memory of 4956	1096	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	109
PID 1096 wrote to memory of 4956	1096	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	109
PID 816 wrote to memory of 3264	816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	110
PID 816 wrote to memory of 3264	816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	110
PID 816 wrote to memory of 3264	816	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	110
PID 4652 wrote to memory of 4388	4652	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	111
PID 4652 wrote to memory of 4388	4652	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	111
PID 4652 wrote to memory of 4388	4652	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	111
PID 2496 wrote to memory of 4632	2496	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	112
PID 2496 wrote to memory of 4632	2496	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	112
PID 2496 wrote to memory of 4632	2496	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	112
PID 752 wrote to memory of 2204	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	113
PID 752 wrote to memory of 2204	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	113
PID 752 wrote to memory of 2204	752	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	113
PID 100 wrote to memory of 4540	100	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	114
PID 100 wrote to memory of 4540	100	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	114
PID 100 wrote to memory of 4540	100	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	114
PID 3928 wrote to memory of 2212	3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	115
PID 3928 wrote to memory of 2212	3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	115
PID 3928 wrote to memory of 2212	3928	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	115
PID 4248 wrote to memory of 3320	4248	0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:752
- C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:816
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        8⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:13296
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:11408
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:11996
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8748
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:100
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        7⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8044
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:11592
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:12444
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:10112
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9708
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8892
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:11604
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9652
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8244
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9500
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:12036
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:4820
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:9164
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:12164
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:5144
- C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3928
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:11664
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8436
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9156
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:10332
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9052
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:11796
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8196
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9756
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:7232
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9724
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:9140
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:164
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:8072
- C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4656
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        6⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8452
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9076
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8272
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8924
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:11612
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9276
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9556
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:9124
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:12100
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:7996
- C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
        5⤵
        
        PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:8484
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:11396
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:7340
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:10356
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:2652
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:9148
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:12116
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:8496
- C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
  2⤵
  PID:2204
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
      4⤵
      PID:9836
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:8012
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:8972
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:12108
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:8380
- C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
  2⤵
  PID:5584
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:1772
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:9928
- C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
  2⤵
  PID:6868
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:11204
- - C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
    3⤵
    PID:9688
- C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
  2⤵
  PID:9108
- C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
  2⤵
  PID:13304
- C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\0218206182bf2ba0dfa9e67da78ed3e9164958f352e92348ad91f8a093a7a57e_NeikiAnalytics.exe"
  2⤵
  PID:8140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1300,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=1416 /prefetch:8
1⤵
PID:3924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish beastiality several models ash boots .rar.exe

Filesize
763KB

MD5
06e8bbd59221ff82530c3b49f7c714c1

SHA1
8923e13ec79c40a6c56fdf889fb81a3c107cd987

SHA256
917b7f10cac49e75d1c36e1a158716e0afb6a5bc68bdda16a7300c44f50154eb

SHA512
70f5cdf4efc72289488e9094944d53ea5d3a244a07cc321782feaf15c8a712e5f9867c2e2cd7c1d62c4a4a627d36ce84ed62b0577a6abddf6981bdaa56f25b18

Download Submit
memory/100-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/752-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1772-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2032-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2100-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2204-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3208-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3968-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4004-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4388-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4632-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5192-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5204-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5328-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5344-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5352-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5384-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5504-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5544-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5560-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5568-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5576-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5608-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5632-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6276-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6288-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6296-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6304-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6420-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6428-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6444-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6452-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6460-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6468-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6560-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6736-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6744-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6760-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6776-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6784-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6820-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6868-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7068-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7640-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7724-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7772-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7812-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7888-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7900-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8012-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8212-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8236-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8244-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8252-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8860-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8876-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8884-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8892-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8900-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8908-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8916-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8924-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8932-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8940-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8956-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8964-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8972-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8980-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8988-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8996-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9004-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9012-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9020-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9028-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9036-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9052-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9060-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9068-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9076-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9084-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9100-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9124-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9172-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9220-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9420-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9756-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9808-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9816-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9824-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9832-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9860-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10356-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10424-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10984-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/11132-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/11140-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download