940091559b89fb5b678d9a11b73f8b2144f99b2a17165741f41f1bdb0c2c2f78

Analysis

max time kernel
11s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 10:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
Size

613KB
MD5

b179fd2a8da6410d054f26029233a4f0
SHA1

83fa7cbd217daaf5228fdd61c7b67579c956a8c3
SHA256

940091559b89fb5b678d9a11b73f8b2144f99b2a17165741f41f1bdb0c2c2f78
SHA512

62a5f0095deccbea245508fe664558e019a8d9e490dc28d0e88990e517cda236beafe4c95994c50cd293826c008c18d64a0bedcd25715aabbac4b0fc195afa9d
SSDEEP

12288:oGHasii9Bpbpj+1FeriS//RXvHWbR/bYZzzFUwXVrkcQOIKlZb+3uQl:86pljQer/FfWbR/bYpFRXNmOblZKeQl

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese cum animal masturbation vagina penetration .mpg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\canadian fucking big .zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian cum hot (!) sm (Sarah).zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\sperm horse [milf] shower .mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\chinese porn sperm several models beautyfull (Gina,Anniston).mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese cumshot [bangbus] .rar.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\nude horse lesbian titts high heels .avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\german sperm horse girls hairy .avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\gay cumshot masturbation titts blondie (Britney).mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\african beastiality masturbation circumcision .mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cumshot uncut upskirt .zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse porn several models gorgeoushorny (Samantha,Melissa).zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\black porn several models hole girly .mpg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\asian beastiality hot (!) feet (Sonja,Samantha).mpg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\german xxx beast lesbian nipples 40+ .mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB476.tmp\tyrkish lesbian girls .avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\american horse sleeping ash .zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american bukkake trambling lesbian mistress .mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\porn [bangbus] upskirt .mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\chinese fucking sleeping ash .mpg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian handjob cum lesbian .zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx animal public .mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\horse [milf] black hairunshaved .avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\indian cum beastiality [milf] pregnant (Janette).mpg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\american beastiality xxx hot (!) ash wifey .avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\asian gay action masturbation glans .zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\black sperm public hairy .avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\french cum cum masturbation glans sm .avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\beastiality nude sleeping legs .mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\bukkake uncut ash (Britney,Sylvia).avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\spanish sperm [free] feet .avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe

Drops file in Windows directory 28 IoCs

description	ioc	Process
File created	C:\Windows\assembly\tmp\danish porn big vagina (Jade,Jade).rar.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\xxx hot (!) boots .zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\cum lingerie public titts .rar.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\xxx action [free] feet (Liz).zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\animal public .avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\malaysia lingerie big boobs .zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\norwegian bukkake hot (!) feet .rar.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\norwegian porn catfight hole latex .rar.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\action uncut cock granny (Jenna,Liz).avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\canadian gang bang hot (!) hole bondage .mpg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\brasilian bukkake masturbation boobs .rar.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beast several models legs femdom (Kathrin,Britney).mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese fetish xxx full movie .rar.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\bukkake beast lesbian swallow .mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\tyrkish beastiality hot (!) penetration .zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\blowjob nude licking boobs hotel .rar.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\brasilian kicking uncut (Anniston).zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\american beastiality bukkake masturbation balls (Samantha,Christine).zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\black horse masturbation castration (Curtney,Jenna).mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\tyrkish horse horse [bangbus] hairy .zip.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\cum lesbian uncut legs .mpg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gang bang [free] boots (Kathrin).mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\canadian horse fetish [bangbus] nipples (Jenna).avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian cum several models castration .mpg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\tyrkish lesbian [milf] high heels (Tatjana,Liz).mpg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american bukkake fetish big bondage .avi.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\gang bang [milf] mistress .mpeg.exe	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1168	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1168	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
4996	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
4996	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
4240	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
4240	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
3936	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
3936	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1940	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1940	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
3648	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
3648	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
4996	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
4996	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1168	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1168	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
2880	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
2880	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
4748	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
4748	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1520	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1520	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
4240	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
4240	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 45 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 508	1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	88
PID 1132 wrote to memory of 508	1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	88
PID 1132 wrote to memory of 508	1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	88
PID 508 wrote to memory of 1168	508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	92
PID 508 wrote to memory of 1168	508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	92
PID 508 wrote to memory of 1168	508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	92
PID 1132 wrote to memory of 4996	1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	93
PID 1132 wrote to memory of 4996	1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	93
PID 1132 wrote to memory of 4996	1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	93
PID 508 wrote to memory of 4240	508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	97
PID 508 wrote to memory of 4240	508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	97
PID 508 wrote to memory of 4240	508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	97
PID 1132 wrote to memory of 3936	1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	98
PID 1132 wrote to memory of 3936	1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	98
PID 1132 wrote to memory of 3936	1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	98
PID 4996 wrote to memory of 1940	4996	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	99
PID 4996 wrote to memory of 1940	4996	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	99
PID 4996 wrote to memory of 1940	4996	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	99
PID 1168 wrote to memory of 3648	1168	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	100
PID 1168 wrote to memory of 3648	1168	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	100
PID 1168 wrote to memory of 3648	1168	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	100
PID 508 wrote to memory of 1520	508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	102
PID 508 wrote to memory of 1520	508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	102
PID 508 wrote to memory of 1520	508	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	102
PID 4240 wrote to memory of 2880	4240	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	103
PID 4240 wrote to memory of 2880	4240	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	103
PID 4240 wrote to memory of 2880	4240	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	103
PID 1132 wrote to memory of 4748	1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	104
PID 1132 wrote to memory of 4748	1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	104
PID 1132 wrote to memory of 4748	1132	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	104
PID 4996 wrote to memory of 2980	4996	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	106
PID 4996 wrote to memory of 2980	4996	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	106
PID 4996 wrote to memory of 2980	4996	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	106
PID 1168 wrote to memory of 2272	1168	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	105
PID 1168 wrote to memory of 2272	1168	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	105
PID 1168 wrote to memory of 2272	1168	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	105
PID 3936 wrote to memory of 1964	3936	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	107
PID 3936 wrote to memory of 1964	3936	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	107
PID 3936 wrote to memory of 1964	3936	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	107
PID 1940 wrote to memory of 4208	1940	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	108
PID 1940 wrote to memory of 4208	1940	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	108
PID 1940 wrote to memory of 4208	1940	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	108
PID 3648 wrote to memory of 4004	3648	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	109
PID 3648 wrote to memory of 4004	3648	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	109
PID 3648 wrote to memory of 4004	3648	b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe	109

C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:508
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        8⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        8⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:13812
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10888
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10636
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:12716
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:14352
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11644
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12220
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:8980
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:2020
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12080
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:11584
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:10644
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:10400
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:12384
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:8232
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:11624
- C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4996
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:13444
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        7⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13428
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:13180
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:12812
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10364
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:11564
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:7928
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:8972
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:12624
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:9112
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:12452
- C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3936
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        6⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:12724
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:12184
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:10620
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:11928
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:12548
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:9184
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:12708
- C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
        5⤵
        
        PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:11260
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:11572
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:12500
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:9104
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:13076
- C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
  2⤵
  PID:536
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
      4⤵
      PID:10780
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:4532
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:11200
- C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
  2⤵
  PID:5404
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:7616
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:10304
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:14240
- C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
  2⤵
  PID:6684
- - C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
    3⤵
    PID:12436
- C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
  2⤵
  PID:8868
- C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\b179fd2a8da6410d054f26029233a4f0_NeikiAnalytics.exe"
  2⤵
  PID:12064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx animal public .mpeg.exe

Filesize
1.2MB

MD5
72600f26d21b6cc4b053334926c2445c

SHA1
e9ca6a612f9ae6a3c8b589ee4356c6ecb89a1040

SHA256
45fa5c6791650b6638c1b3fb32b3388bf739832031fc73041d552e4454b8e9b2

SHA512
486acafd3c438e9f8c6065b15b8946752a0b88c8047d824baf6ca7b2154324ab1d8e989db3a6e1aae24f364b5bcdbd94c1f9448d25b230c687ffe863957da954

Download Submit