eb672217fcc214bdc80ac7965cba66bf314d67432db037017767248a3ffeabf4

Analysis

max time kernel
24s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
Size

323KB
MD5

17635e63d3b7a5679e82e95ed4ddc730
SHA1

1409e37a628a88bbe5b1c9602ed4d37081b7dead
SHA256

eb672217fcc214bdc80ac7965cba66bf314d67432db037017767248a3ffeabf4
SHA512

ac9e1aed3ab59565ebe06bcfd6f59880baae7ae49446943040592d9ae6e60e2f97ad994d4dcf86dc7e217c2b2bb15e4e23d76464d5d63563651652e4ed984471
SSDEEP

6144:aDOxZXrSHXUTsYkUehmgqcsnH59iAoyjaRsua7ZinXUGd8heLr00/gFAtrFtZraq:lXa8sYkUehmgBs3doQa+n7ZiXUJhX0aw

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\B:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\M:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\R:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\T:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\X:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\I:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\K:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\L:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\P:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\S:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\U:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\E:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\O:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\V:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\W:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\G:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\H:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\J:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File opened (read-only)	\??\N:	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\fetish handjob big glans stockings .rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\beast trambling girls upskirt .mpg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\spanish horse [bangbus] .mpg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish bukkake licking castration (Sonja,Sarah).mpg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese cumshot [milf] .mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\german porn [milf] Ôë .mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse gay hidden traffic .avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\german nude sleeping castration .zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\lesbian kicking girls cock sweet (Curtney,Tatjana).zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\asian trambling nude voyeur 40+ .avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\indian cum xxx hot (!) legs pregnant .zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\gang bang beast hot (!) (Anniston).avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\spanish bukkake hot (!) lady .rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\handjob [milf] (Christine).avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\spanish sperm uncut (Sonja,Sarah).mpg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian lingerie cum catfight mature .avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\american beastiality big cock traffic .avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\animal bukkake licking traffic .zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\asian action sperm hot (!) (Curtney,Jenna).mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\gang bang sperm uncut .zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\malaysia fetish [milf] titts penetration (Jenna,Sonja).zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\malaysia cum lesbian [bangbus] (Sonja,Christine).avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\british cumshot several models shoes .zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\german kicking uncut shower .zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\horse animal catfight titts blondie .avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beastiality public .avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\action porn voyeur .mpg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\horse uncut leather (Sylvia).avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\canadian cumshot handjob lesbian (Jade).rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\chinese action big (Melissa,Britney).avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\sperm sleeping boots .zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\horse fetish [bangbus] (Sonja,Sarah).zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\asian sperm fucking public fishy .mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\chinese horse hot (!) castration .mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\security\templates\hardcore [milf] .rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\swedish sperm lingerie girls (Jade,Sonja).mpg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\norwegian bukkake horse uncut shower .mpg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian sperm hot (!) .zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\norwegian porn [milf] .rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\horse several models glans .mpg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\malaysia hardcore beast [bangbus] .zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\bukkake several models .mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\italian blowjob voyeur (Janette).mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\malaysia horse sleeping .mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\kicking bukkake voyeur leather (Britney,Ashley).avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\action sleeping .mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\animal hot (!) (Sylvia).rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\danish lesbian blowjob full movie femdom .avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish handjob animal uncut ash girly .zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\cumshot [bangbus] glans .mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\cumshot sleeping bedroom .mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\japanese porn [free] leather (Ashley).rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian sperm blowjob big .mpg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\german cum porn public .zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\fetish trambling [bangbus] hole 50+ .zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\tyrkish bukkake big (Britney).mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\cumshot [milf] fishy (Kathrin,Melissa).zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\sperm horse voyeur swallow .rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\french handjob horse public .rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\american action kicking licking (Sylvia).rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\canadian fetish uncut feet (Janette).rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\asian lingerie fetish uncut vagina .mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\african horse cum [free] (Janette).mpg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\gang bang cumshot lesbian (Liz,Anniston).zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\african cum [milf] black hairunshaved (Karin,Curtney).rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\horse animal lesbian (Gina).zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\danish fetish hardcore lesbian hole (Curtney).mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\cum licking redhair .avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\british kicking cum voyeur swallow (Sylvia).mpeg.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\french horse sleeping glans traffic (Anniston,Gina).zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american gang bang xxx sleeping vagina ejaculation .rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\beast bukkake voyeur ash castration (Janette).zip.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\cum big glans .rar.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\asian cum licking hairy (Liz).avi.exe	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2532	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2396	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
3032	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2396	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2532	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2848	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
752	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1652	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1184	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2396	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
616	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2532	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2692	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
3032	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2148	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2232	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2700	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2848	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1652	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2204	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2320	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
752	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2976	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1184	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2780	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2776	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
3032	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2532	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2396	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
616	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
3000	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2940	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2964	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
548	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
400	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1628	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2848	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1652	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1380	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1648	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
320	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1820	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2232	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
1824	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
608	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
752	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
752	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2692	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2692	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2700	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2700	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2148	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
2148	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2900	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	28
PID 1500 wrote to memory of 2900	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	28
PID 1500 wrote to memory of 2900	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	28
PID 1500 wrote to memory of 2900	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	28
PID 1500 wrote to memory of 2532	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	29
PID 1500 wrote to memory of 2532	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	29
PID 1500 wrote to memory of 2532	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	29
PID 1500 wrote to memory of 2532	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	29
PID 2900 wrote to memory of 2396	2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	30
PID 2900 wrote to memory of 2396	2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	30
PID 2900 wrote to memory of 2396	2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	30
PID 2900 wrote to memory of 2396	2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	30
PID 2396 wrote to memory of 3032	2396	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	31
PID 2396 wrote to memory of 3032	2396	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	31
PID 2396 wrote to memory of 3032	2396	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	31
PID 2396 wrote to memory of 3032	2396	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	31
PID 2532 wrote to memory of 2848	2532	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	32
PID 2532 wrote to memory of 2848	2532	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	32
PID 2532 wrote to memory of 2848	2532	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	32
PID 2532 wrote to memory of 2848	2532	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	32
PID 1500 wrote to memory of 752	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	33
PID 1500 wrote to memory of 752	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	33
PID 1500 wrote to memory of 752	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	33
PID 1500 wrote to memory of 752	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	33
PID 2900 wrote to memory of 1652	2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	34
PID 2900 wrote to memory of 1652	2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	34
PID 2900 wrote to memory of 1652	2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	34
PID 2900 wrote to memory of 1652	2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	34
PID 2532 wrote to memory of 2692	2532	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	35
PID 2532 wrote to memory of 2692	2532	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	35
PID 2532 wrote to memory of 2692	2532	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	35
PID 2532 wrote to memory of 2692	2532	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	35
PID 2396 wrote to memory of 1184	2396	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	36
PID 2396 wrote to memory of 1184	2396	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	36
PID 2396 wrote to memory of 1184	2396	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	36
PID 2396 wrote to memory of 1184	2396	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	36
PID 3032 wrote to memory of 616	3032	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	37
PID 3032 wrote to memory of 616	3032	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	37
PID 3032 wrote to memory of 616	3032	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	37
PID 3032 wrote to memory of 616	3032	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	37
PID 2900 wrote to memory of 2148	2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	38
PID 2900 wrote to memory of 2148	2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	38
PID 2900 wrote to memory of 2148	2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	38
PID 2900 wrote to memory of 2148	2900	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	38
PID 2848 wrote to memory of 2700	2848	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	39
PID 2848 wrote to memory of 2700	2848	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	39
PID 2848 wrote to memory of 2700	2848	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	39
PID 2848 wrote to memory of 2700	2848	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	39
PID 1500 wrote to memory of 2232	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	40
PID 1500 wrote to memory of 2232	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	40
PID 1500 wrote to memory of 2232	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	40
PID 1500 wrote to memory of 2232	1500	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	40
PID 1652 wrote to memory of 2320	1652	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	41
PID 1652 wrote to memory of 2320	1652	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	41
PID 1652 wrote to memory of 2320	1652	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	41
PID 1652 wrote to memory of 2320	1652	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	41
PID 752 wrote to memory of 2204	752	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	42
PID 752 wrote to memory of 2204	752	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	42
PID 752 wrote to memory of 2204	752	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	42
PID 752 wrote to memory of 2204	752	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	42
PID 1184 wrote to memory of 2976	1184	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	43
PID 1184 wrote to memory of 2976	1184	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	43
PID 1184 wrote to memory of 2976	1184	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	43
PID 1184 wrote to memory of 2976	1184	17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe	43

C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2900
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:616
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        9⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        9⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        8⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        8⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        8⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        8⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:7888
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:848
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:8532
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:10992
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:400
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:8568
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:8896
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:8524
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:10636
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:548
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:2828
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:10484
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:10308
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:6932
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:10112
- C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        7⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:9716
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:340
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:8636
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:9096
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:8948
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:4792
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:6324
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:10476
- C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:752
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:608
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        6⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:6208
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:2136
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:10204
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:8512
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:5520
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:10356
- C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:2380
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
        5⤵
        
        PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:7312
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:3760
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:9724
- C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2964
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:8600
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:3592
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:5356
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:10492
- C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
  2⤵
  PID:2872
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
      4⤵
      PID:7216
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:6476
- - C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
    3⤵
    PID:368
- C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
  2⤵
  PID:3396
- C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
  2⤵
  PID:5104
- C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\17635e63d3b7a5679e82e95ed4ddc730_NeikiAnalytics.exe"
  2⤵
  PID:10216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\gang bang sperm uncut .zip.exe

Filesize
348KB

MD5
dfc51b35c745f44b5fbdb1db22b5d647

SHA1
2dd7eb11e062d43e0a3b0991e97cdabb55f85676

SHA256
bccaf3830eccb055227f88b9f5711eaedf10fb058475ae6777aeb888043a05b3

SHA512
bde43a0eb284d5bce11eb4db42ef0a52046be7006db4493413d6caa83c61ab605ccab35552b08baeb17c2f30aa0c1df89f9b3d96ab69da31174e703cc58b2518

Download Submit
memory/320-173-0x0000000001DC0000-0x0000000001DDC000-memory.dmp

Filesize
112KB

Download
memory/320-144-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/320-169-0x0000000001DC0000-0x0000000001DDC000-memory.dmp

Filesize
112KB

Download
memory/400-136-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/548-129-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/608-147-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/616-117-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/616-94-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/752-101-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/752-126-0x00000000044F0000-0x000000000450C000-memory.dmp

Filesize
112KB

Download
memory/1184-149-0x0000000004910000-0x000000000492C000-memory.dmp

Filesize
112KB

Download
memory/1184-113-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1184-91-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1308-170-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1380-142-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1396-158-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1500-72-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1500-246-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1500-69-0x0000000004C40000-0x0000000004C5C000-memory.dmp

Filesize
112KB

Download
memory/1500-89-0x0000000004A60000-0x0000000004A7C000-memory.dmp

Filesize
112KB

Download
memory/1500-8-0x0000000004A60000-0x0000000004A7C000-memory.dmp

Filesize
112KB

Download
memory/1500-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1500-182-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1500-109-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1532-156-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1608-157-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1628-135-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1628-209-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/1648-143-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1652-111-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1672-171-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1708-220-0x0000000001EB0000-0x0000000001ECC000-memory.dmp

Filesize
112KB

Download
memory/1708-164-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1728-199-0x00000000047C0000-0x00000000047DC000-memory.dmp

Filesize
112KB

Download
memory/1728-203-0x00000000047C0000-0x00000000047DC000-memory.dmp

Filesize
112KB

Download
memory/1728-155-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1820-145-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1824-146-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2084-154-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2108-150-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2108-198-0x00000000045D0000-0x00000000045EC000-memory.dmp

Filesize
112KB

Download
memory/2120-161-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2148-119-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2148-97-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2204-122-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2204-222-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/2204-105-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2204-210-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/2232-102-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2320-213-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/2320-103-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2320-121-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2396-98-0x00000000047C0000-0x00000000047DC000-memory.dmp

Filesize
112KB

Download
memory/2396-57-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2396-112-0x0000000004A50000-0x0000000004A6C000-memory.dmp

Filesize
112KB

Download
memory/2396-96-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2396-66-0x00000000047C0000-0x00000000047DC000-memory.dmp

Filesize
112KB

Download
memory/2428-163-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2532-151-0x0000000004930000-0x000000000494C000-memory.dmp

Filesize
112KB

Download
memory/2532-55-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2532-99-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/2532-67-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/2532-92-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2536-208-0x00000000007F0000-0x000000000080C000-memory.dmp

Filesize
112KB

Download
memory/2536-202-0x00000000007F0000-0x000000000080C000-memory.dmp

Filesize
112KB

Download
memory/2536-159-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2648-160-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2692-116-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2692-207-0x00000000047E0000-0x00000000047FC000-memory.dmp

Filesize
112KB

Download
memory/2692-214-0x00000000047E0000-0x00000000047FC000-memory.dmp

Filesize
112KB

Download
memory/2700-120-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2728-172-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2764-148-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2776-125-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2776-115-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2780-124-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2780-114-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2848-70-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2848-104-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2872-215-0x0000000004A40000-0x0000000004A5C000-memory.dmp

Filesize
112KB

Download
memory/2872-162-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2900-56-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/2900-110-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/2900-90-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2900-9-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2900-95-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/2900-71-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/2940-127-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2964-131-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2976-123-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3000-128-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3032-68-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3032-100-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3032-93-0x00000000047C0000-0x00000000047DC000-memory.dmp

Filesize
112KB

Download
memory/3032-118-0x00000000047C0000-0x00000000047DC000-memory.dmp

Filesize
112KB

Download
memory/3648-204-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3680-205-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3688-206-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3976-221-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download