6ba88af15d9aacb729b630d48c1a7a17579f25215c797a5b6da0e3d9b0480f88

Analysis

max time kernel
17s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
Size

536KB
MD5

77fc02ac3fa027fca50188d7eb9778e0
SHA1

cee5d158658d30aed0429ebb00502b79e3533584
SHA256

6ba88af15d9aacb729b630d48c1a7a17579f25215c797a5b6da0e3d9b0480f88
SHA512

1feee09f8955c56909e5a815b9b1b0f35877f95623121ea1d8e146e10b5a3e7d7f2a8aacd6a85fd978fe51e973118402fdd1820febcce7f0b78ea2a3f58d976e
SSDEEP

12288:dXCNi9BRLf6Jw7+dFkJTFYJOU8oy8HRHae05iJJESK4NE3N7H:oWRDqcTDoFzf04NyR

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\hardcore girls penetration .mpg.exe	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\brasilian beastiality bukkake [milf] hole girly (Janette).avi.exe	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\american porn horse [milf] sm .zip.exe	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\lesbian catfight .mpeg.exe	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese nude fucking [bangbus] granny .zip.exe	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\italian handjob sperm hot (!) feet stockings .rar.exe	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian gang bang gay licking sm .avi.exe	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\japanese fetish hardcore uncut glans .rar.exe	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\sperm catfight (Tatjana).mpg.exe	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
2504	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
2504	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
1404	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
1404	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
960	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
960	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
2504	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
2504	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
2540	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
2540	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
3616	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
3616	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
1404	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
1404	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 2504	5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	91
PID 5064 wrote to memory of 2504	5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	91
PID 5064 wrote to memory of 2504	5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	91
PID 5064 wrote to memory of 1404	5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	92
PID 5064 wrote to memory of 1404	5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	92
PID 5064 wrote to memory of 1404	5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	92
PID 2504 wrote to memory of 960	2504	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	93
PID 2504 wrote to memory of 960	2504	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	93
PID 2504 wrote to memory of 960	2504	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	93
PID 5064 wrote to memory of 2540	5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	94
PID 5064 wrote to memory of 2540	5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	94
PID 5064 wrote to memory of 2540	5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	94
PID 1404 wrote to memory of 3616	1404	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	95
PID 1404 wrote to memory of 3616	1404	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	95
PID 1404 wrote to memory of 3616	1404	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	95
PID 2504 wrote to memory of 4892	2504	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	96
PID 2504 wrote to memory of 4892	2504	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	96
PID 2504 wrote to memory of 4892	2504	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	96
PID 960 wrote to memory of 4456	960	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	97
PID 960 wrote to memory of 4456	960	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	97
PID 960 wrote to memory of 4456	960	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	97
PID 5064 wrote to memory of 1192	5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	98
PID 5064 wrote to memory of 1192	5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	98
PID 5064 wrote to memory of 1192	5064	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	98
PID 1404 wrote to memory of 4772	1404	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	99
PID 1404 wrote to memory of 4772	1404	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	99
PID 1404 wrote to memory of 4772	1404	77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe	99

C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:960
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        7⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        7⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        7⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:11420
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:11948
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:10024
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:11468
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:9832
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:10944
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:11460
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:368
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:12248
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:10436
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:9524
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:7152
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:11084
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:764
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:7204
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:8564
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:11788
- C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1404
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        7⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:672
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:11544
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:12112
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        6⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:11396
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:10428
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:8636
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:2136
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:11096
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:8992
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:7020
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:9016
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:11452
- C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:11384
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:12104
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:8236
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:10904
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:11908
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:7404
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:9404
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:9780
- C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
  2⤵
  PID:1192
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
        5⤵
        
        PID:10400
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:9940
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:12052
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:10420
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:6984
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:8884
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:11404
- C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
  2⤵
  PID:3532
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:9800
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:12424
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
      4⤵
      PID:8260
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:6924
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:10736
- C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
  2⤵
  PID:4660
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:8228
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:10852
- C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
  2⤵
  PID:5724
- - C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
    3⤵
    PID:10444
- C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
  2⤵
  PID:6992
- C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
  2⤵
  PID:8932
- C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\77fc02ac3fa027fca50188d7eb9778e0_NeikiAnalytics.exe"
  2⤵
  PID:11552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4292 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:8488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\sperm catfight (Tatjana).mpg.exe

Filesize
1.7MB

MD5
a90cb11d8ae7051074acb727c83d5753

SHA1
e6d8591504f859b75a64f28a29c2bd0d9cb261e0

SHA256
3cbf7255e163dbc0232812b5bba636770ea1c0499c7ef962337e951989bfdd95

SHA512
3252a866037d24537208926964bfdd8b613694693e5b4bdba1dddceab7a656036548abd3590b0ae0e80893c332c40754a1d9ced67694ccd3d61fa138ee2ecddd

Download Submit
memory/672-24-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1132-23-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1240-20-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1404-10-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1436-26-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1748-14-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2192-17-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2588-15-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2632-33-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2872-28-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3000-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3380-18-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3484-31-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3532-19-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3616-12-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3628-30-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3684-16-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3916-22-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4284-21-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4312-25-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4460-29-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4660-27-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4892-13-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5064-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5144-32-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5240-34-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5248-35-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5316-36-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5484-37-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5496-38-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5576-39-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5708-40-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5740-41-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5872-42-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5880-43-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5892-44-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6100-45-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6372-47-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6388-48-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6396-49-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6404-51-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6416-50-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6532-52-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6540-53-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6564-54-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6644-55-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6696-56-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6924-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6976-57-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7020-58-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7028-61-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7036-59-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7132-60-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7204-62-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7324-63-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7340-69-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7348-70-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7356-64-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7404-68-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7468-71-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7572-73-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7672-78-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7692-79-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8072-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8228-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8236-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8340-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8352-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8372-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8428-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8436-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8472-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8564-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8636-130-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8644-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8876-139-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8884-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8892-142-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8900-141-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8932-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9016-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9024-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9036-147-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9184-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9228-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9240-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9248-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9256-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9264-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9272-164-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9360-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9396-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9404-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9512-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9524-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9712-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download