362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354

Analysis

max time kernel
11s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Size

1.1MB
MD5

d6649a6778c42d3a73da84e7926bc8b0
SHA1

9c52d5828c9a93a8c2eccb2587a032f9772f4003
SHA256

362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354
SHA512

cc1a33661a7ca8997f8095c591779d9af1478d65c3e14e5490c3d0e19146ddb974a3883b51fbfee70efca03834397dd2ad0139098aa8b8968cb818cba630b675
SSDEEP

24576:COyOuKpA9temTKNaX5SH/l16Vf0OPI/CXpgZ0u:CbOu6AfLKsgd0D8CuZR

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\V:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\A:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\I:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\L:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\N:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\P:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\T:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\G:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\O:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\S:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\R:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\W:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\B:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\E:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\H:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\K:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\M:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\X:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\J:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\canadian handjob [bangbus] 40+ .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cum hidden (Anniston).mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore [free] nipples (Sandy).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish porn uncut hole high heels .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\sperm uncut titts .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\american handjob kicking public .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian nude sleeping nipples traffic (Sonja,Liz).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian handjob beastiality hot (!) legs traffic (Jenna).mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\chinese fetish blowjob sleeping .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\chinese nude uncut shower .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\french lesbian masturbation .avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish sperm hot (!) mature (Curtney,Jade).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\chinese cum [milf] ash .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\russian cumshot several models (Gina).mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\japanese animal beast girls vagina .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\african action [bangbus] ash (Jade,Samantha).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\gang bang masturbation legs ash .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\beastiality beastiality big .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\fucking sperm licking .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\tyrkish gang bang several models .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\british bukkake lesbian masturbation titts upskirt .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\lingerie big legs black hairunshaved .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\cum blowjob hidden titts (Sandy,Janette).rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\animal trambling several models redhair (Tatjana,Samantha).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\asian gay xxx uncut .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\cum hot (!) fishy .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\danish cumshot nude [milf] stockings .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\japanese nude horse full movie upskirt (Liz).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\african fetish [bangbus] penetration .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\spanish blowjob lesbian .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\brasilian beastiality [bangbus] girly (Gina).mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\blowjob voyeur titts penetration (Gina).mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\american fucking gay voyeur (Kathrin).mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\xxx several models glans .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\british horse cumshot hidden cock hairy (Christine,Britney).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\brasilian gang bang several models hole latex (Ashley,Britney).mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\african blowjob fucking lesbian gorgeoushorny .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse voyeur cock .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\german lesbian fucking licking blondie .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\animal xxx girls (Kathrin).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\malaysia lesbian blowjob hot (!) .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\gang bang girls .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\american beastiality full movie femdom .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\nude nude hot (!) bondage (Ashley).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\brasilian porn cum catfight .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\handjob sperm hot (!) YEâPSè& (Sonja,Liz).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\norwegian porn lesbian nipples swallow .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\gang bang gang bang several models .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\norwegian fucking cum catfight vagina (Samantha,Curtney).mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie several models 50+ (Kathrin,Curtney).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\danish trambling bukkake licking femdom .avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\blowjob gay public .avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\tyrkish handjob xxx hot (!) lady .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\indian blowjob sperm [milf] sm (Sonja,Tatjana).mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\lingerie gay lesbian .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\blowjob gang bang girls titts bedroom .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\cumshot girls circumcision (Melissa,Jenna).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\danish fetish gang bang [milf] nipples 40+ (Jade,Sylvia).rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\danish fucking full movie circumcision (Liz,Ashley).mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\canadian porn licking pregnant (Britney).mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\japanese sperm gay public circumcision .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\chinese lingerie lingerie uncut castration (Anniston,Liz).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\security\templates\danish sperm voyeur .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\handjob blowjob several models bedroom .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\spanish horse voyeur boobs ejaculation .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian fucking gay [milf] gorgeoushorny .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\kicking xxx hot (!) stockings .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black cum cum masturbation granny .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\canadian trambling lesbian catfight penetration (Kathrin).rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\american fucking blowjob catfight feet Ôï .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\malaysia lesbian girls vagina ejaculation .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\british horse lesbian young (Sylvia,Kathrin).mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\brasilian lingerie action catfight bondage .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american lingerie masturbation .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\japanese fetish lesbian hot (!) circumcision .avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\animal lingerie sleeping balls .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\russian blowjob public beautyfull (Melissa).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\sperm licking .avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\bukkake animal full movie ash bondage .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4504	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4504	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3592	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3592	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4972	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4972	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1100	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1100	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3844	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3844	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1952	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1952	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3092	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3092	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
5012	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
5012	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 2428	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	86
PID 1300 wrote to memory of 2428	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	86
PID 1300 wrote to memory of 2428	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	86
PID 2428 wrote to memory of 4308	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	89
PID 2428 wrote to memory of 4308	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	89
PID 2428 wrote to memory of 4308	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	89
PID 1300 wrote to memory of 4440	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	90
PID 1300 wrote to memory of 4440	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	90
PID 1300 wrote to memory of 4440	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	90
PID 4308 wrote to memory of 3124	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	93
PID 4308 wrote to memory of 3124	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	93
PID 4308 wrote to memory of 3124	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	93
PID 2428 wrote to memory of 3396	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	94
PID 2428 wrote to memory of 3396	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	94
PID 2428 wrote to memory of 3396	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	94
PID 4440 wrote to memory of 704	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	95
PID 4440 wrote to memory of 704	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	95
PID 4440 wrote to memory of 704	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	95
PID 1300 wrote to memory of 5084	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	96
PID 1300 wrote to memory of 5084	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	96
PID 1300 wrote to memory of 5084	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	96
PID 3396 wrote to memory of 4504	3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	98
PID 3396 wrote to memory of 4504	3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	98
PID 3396 wrote to memory of 4504	3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	98
PID 4308 wrote to memory of 1100	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	99
PID 4308 wrote to memory of 1100	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	99
PID 4308 wrote to memory of 1100	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	99
PID 3124 wrote to memory of 4972	3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	100
PID 3124 wrote to memory of 4972	3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	100
PID 3124 wrote to memory of 4972	3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	100
PID 2428 wrote to memory of 3592	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	101
PID 2428 wrote to memory of 3592	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	101
PID 2428 wrote to memory of 3592	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	101
PID 4440 wrote to memory of 3844	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	102
PID 4440 wrote to memory of 3844	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	102
PID 4440 wrote to memory of 3844	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	102
PID 1300 wrote to memory of 1952	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	103
PID 1300 wrote to memory of 1952	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	103
PID 1300 wrote to memory of 1952	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	103
PID 5084 wrote to memory of 3092	5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	104
PID 5084 wrote to memory of 3092	5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	104
PID 5084 wrote to memory of 3092	5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	104
PID 704 wrote to memory of 5012	704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	105
PID 704 wrote to memory of 5012	704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	105
PID 704 wrote to memory of 5012	704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	105
PID 3124 wrote to memory of 4344	3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	108
PID 3124 wrote to memory of 4344	3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	108
PID 3124 wrote to memory of 4344	3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	108
PID 4308 wrote to memory of 2760	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	109
PID 4308 wrote to memory of 2760	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	109
PID 4308 wrote to memory of 2760	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	109
PID 3396 wrote to memory of 2440	3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	110
PID 3396 wrote to memory of 2440	3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	110
PID 3396 wrote to memory of 2440	3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	110
PID 4440 wrote to memory of 2288	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	111
PID 4440 wrote to memory of 2288	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	111
PID 4440 wrote to memory of 2288	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	111
PID 2428 wrote to memory of 1072	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	112
PID 2428 wrote to memory of 1072	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	112
PID 2428 wrote to memory of 1072	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	112
PID 1300 wrote to memory of 3384	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	113
PID 1300 wrote to memory of 3384	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	113
PID 1300 wrote to memory of 3384	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	113
PID 5084 wrote to memory of 1572	5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        8⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        8⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:14448
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:13612
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:13684
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:14976
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:14608
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:13176
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:9136
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:13628
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:13344
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10312
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:13644
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:14928
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:13404
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:8708
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:13792
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:216
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:10632
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:13388
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:9116
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:10216
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:14472
- C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4440
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:704
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        7⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:212
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:14432
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:13380
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:14384
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:13096
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:3220
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:13088
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:13128
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:14488
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:11936
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:9156
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:10176
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:13660
- C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5084
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        6⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:388
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:14392
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:10084
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:13636
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:13872
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:9196
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:10184
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:13620
- C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:12976
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:14984
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
        5⤵
        
        PID:13112
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:13652
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:3088
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:12756
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:10128
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:12912
- C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
  2⤵
  PID:3384
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:10944
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:7636
  - - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
      4⤵
      PID:13032
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:3676
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:14400
- C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
  2⤵
  PID:5308
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:10280
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:14440
- C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
  2⤵
  PID:7004
- - C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
    3⤵
    PID:13136
- C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
  2⤵
  PID:9232
- C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
  2⤵
  PID:10168
- C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
  2⤵
  PID:13328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\animal trambling several models redhair (Tatjana,Samantha).zip.exe

Filesize
1.6MB

MD5
533bfd5cdb9825491a904f3dbd56be6d

SHA1
5222111d0ae75d302b0f148c0dc6f923eb69f428

SHA256
aabf5c1c85fe1a779171cdde83d03e2d30d54d7b197643ad5411c600ac50df89

SHA512
bbce1925d75ab23fb04598a47a8ae83f33b3cf33cb73f7f24fb5b3e495cf5507a4359a6fa2351e9cdd643ed49509d7afe5dc519284fbe981e1ea39e5da8cc299

Download Submit