fdbe1ac0be100c0da95bcca568de2406355c0947c9873460c21da9a291d716a6

Analysis

max time kernel
24s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 08:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
Size

288KB
MD5

addbaf1e2cab3efa1fb1e7f49e0de510
SHA1

b50df89de6775beb8232140dc2cbef120cd6b5f3
SHA256

fdbe1ac0be100c0da95bcca568de2406355c0947c9873460c21da9a291d716a6
SHA512

aea82fb60b083b1d70976e229bae8dd6c59c7599361aef570c28e7a8266602d329dc7fe6fee4445e3796fd0e7ce71e828d64c55f149df4c21496b7c5a033f684
SSDEEP

6144:VjluQoSv4DSIo5R4nM/40yPiL0C8IA9znwEBfUxifU/0c1xERs82BC9co:VEQoSfqHiAC8IkzwWt6EsPol

Score

7^/10

persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3404-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3404-4-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x000700000002325a-6.dat	upx
behavioral2/memory/3404-12-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2608-14-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3404-13-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2752-17-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3000-16-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3600-18-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1772-19-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4884-21-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4852-20-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3828-23-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2400-27-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4840-28-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3224-26-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2856-34-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3484-36-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4004-35-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4300-43-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1292-45-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1892-44-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1900-49-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4640-48-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2608-42-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2872-53-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1120-52-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2752-55-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3000-54-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3680-51-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1772-59-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4408-60-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3308-65-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2112-64-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4884-63-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3948-69-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4612-68-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4600-76-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4488-75-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4300-82-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4840-74-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2400-73-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5212-83-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5132-81-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1892-80-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3484-79-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4436-84-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5364-87-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1120-88-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2872-89-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5376-92-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1820-91-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5588-98-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3308-97-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4488-105-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5132-109-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5920-112-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5756-107-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4600-106-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5732-100-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3948-99-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2112-96-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5476-94-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4408-93-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\A:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\K:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\S:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\X:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\I:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\G:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\J:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\L:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\M:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\N:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\P:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\E:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\V:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\W:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\T:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\O:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\R:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\U:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File opened (read-only)	\??\H:	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe

Drops file in Program Files directory 11 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\swedish handjob hardcore licking titts young .mpeg.exe	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\xxx licking cock young (Tatjana).rar.exe	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lingerie voyeur balls .rar.exe	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian cum lingerie licking titts .mpeg.exe	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\horse hidden .rar.exe	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian gang bang xxx uncut feet penetration .rar.exe	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\swedish handjob hardcore public lady .zip.exe	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish nude gay uncut hole 40+ .rar.exe	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian cum lingerie [free] shower .avi.exe	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\black nude beast lesbian sweet .mpeg.exe	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay voyeur ash .mpeg.exe	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
4852	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
4852	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3828	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3828	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3224	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3224	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
2856	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
2856	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
4004	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
4004	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
4852	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
4852	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
2608	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
2608	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3828	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
3828	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 3600	3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	91
PID 3404 wrote to memory of 3600	3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	91
PID 3404 wrote to memory of 3600	3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	91
PID 3404 wrote to memory of 4852	3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	92
PID 3404 wrote to memory of 4852	3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	92
PID 3404 wrote to memory of 4852	3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	92
PID 3600 wrote to memory of 3828	3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	93
PID 3600 wrote to memory of 3828	3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	93
PID 3600 wrote to memory of 3828	3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	93
PID 3404 wrote to memory of 3224	3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	94
PID 3404 wrote to memory of 3224	3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	94
PID 3404 wrote to memory of 3224	3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	94
PID 4852 wrote to memory of 2856	4852	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	95
PID 4852 wrote to memory of 2856	4852	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	95
PID 4852 wrote to memory of 2856	4852	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	95
PID 3600 wrote to memory of 4004	3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	96
PID 3600 wrote to memory of 4004	3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	96
PID 3600 wrote to memory of 4004	3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	96
PID 3828 wrote to memory of 2608	3828	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	97
PID 3828 wrote to memory of 2608	3828	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	97
PID 3828 wrote to memory of 2608	3828	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	97
PID 3404 wrote to memory of 1292	3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	98
PID 3404 wrote to memory of 1292	3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	98
PID 3404 wrote to memory of 1292	3404	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	98
PID 4852 wrote to memory of 4640	4852	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	99
PID 4852 wrote to memory of 4640	4852	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	99
PID 4852 wrote to memory of 4640	4852	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	99
PID 3600 wrote to memory of 1900	3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	100
PID 3600 wrote to memory of 1900	3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	100
PID 3600 wrote to memory of 1900	3600	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	100
PID 3828 wrote to memory of 3680	3828	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	101
PID 3828 wrote to memory of 3680	3828	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	101
PID 3828 wrote to memory of 3680	3828	addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe	101

C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3600
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        7⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        7⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        7⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:12348
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:216
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:8440
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:812
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:11052
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:12688
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        7⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:8120
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:8224
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:7640
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:9248
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:13020
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:13600
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:11632
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:8100
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:10824
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:5716
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:7764
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:9832
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:4140
- C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4852
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        7⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:12676
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:11904
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:11440
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:10700
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        6⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:14000
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:756
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:10792
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:12320
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:12948
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:3872
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:7596
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:9576
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:13128
- C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:11640
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
        5⤵
        
        PID:11496
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:9636
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:12328
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:11932
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:11864
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:7952
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:10204
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:8348
- C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
  2⤵
  PID:1292
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:10312
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:10716
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:10164
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:8868
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:4664
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:8516
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:10892
- C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
  2⤵
  PID:4612
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:2024
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:9752
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:8144
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:10964
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:11364
- C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
  2⤵
  PID:4600
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
      4⤵
      PID:12284
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:1184
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:12940
- C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
  2⤵
  PID:5996
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:10412
- - C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
    3⤵
    PID:14196
- C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
  2⤵
  PID:5856
- C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
  2⤵
  PID:8388
- C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\addbaf1e2cab3efa1fb1e7f49e0de510_NeikiAnalytics.exe"
  2⤵
  PID:11624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1404 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:9224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay voyeur ash .mpeg.exe

Filesize
324KB

MD5
04b680937168a95bc0ef514cbcc57cdd

SHA1
ae926386c1ae0f4f5f86e1f80725072d9dda66cc

SHA256
8f0d895555da524b99ce5db330c05498e0799faafcc24f097e36b59bb93b780f

SHA512
a56dc41d13e8346bb5f59d056e05e6a33d142897f7020e01bf068add4921714d84e05f70633fa85fa07172110474933f1a4d8076af91da1fcf5a9ecbf81e9ddc

Download Submit
memory/1120-52-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1120-88-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1292-45-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1772-19-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1772-59-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1820-91-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1892-80-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1892-44-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1900-49-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2112-64-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2112-96-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2400-73-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2400-27-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2608-14-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2608-42-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2752-55-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2752-17-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2856-34-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2872-89-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2872-53-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3000-54-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3000-16-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3224-26-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3308-97-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3308-65-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3404-4-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3404-304-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3404-133-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3404-13-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3404-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3404-12-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3484-36-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3484-79-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3600-18-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3680-51-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3828-23-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3948-99-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3948-69-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4004-35-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4300-82-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4300-43-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4408-60-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4408-93-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4436-84-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4488-105-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4488-75-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4600-106-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4600-76-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4612-68-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4640-48-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4840-74-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4840-28-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4852-20-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4884-63-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4884-21-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5072-86-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5132-109-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5132-81-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5176-138-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5212-125-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5212-83-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5296-128-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5364-137-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5364-87-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5376-154-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5376-92-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5384-142-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5428-143-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5452-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5476-94-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5476-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5516-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5588-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5588-98-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5732-100-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5732-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5756-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5756-107-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5872-126-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5884-110-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5900-111-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5920-112-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5996-127-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6064-144-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6116-145-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6224-161-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6232-162-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6268-163-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6276-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6288-156-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6296-157-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6304-158-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6332-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6364-159-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6372-160-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6380-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6392-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6632-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6640-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6768-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download