8b5c44272c1d04183602b52e5f1c45162370727efe2c15b7b8db4cd85adcc5d1

Analysis

max time kernel
15s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
Size

1.6MB
MD5

176c592c62f5101a451913f9be689c20
SHA1

dc375f2c19c2e3b6c3f6194734d8d31664d66023
SHA256

8b5c44272c1d04183602b52e5f1c45162370727efe2c15b7b8db4cd85adcc5d1
SHA512

c120830a561ff457362915893b8f0bd4f8b5d6c918f4f3102699dc574845ccd589216279ecbfe44274ef0feb7ef3c37201c8075b48d8480b9d3262a9f767d2e9
SSDEEP

49152:Qo5Y+s+drydjm6XTlmhTOnS897LDKZqlGwx:Qes+dUaKTl+gSMCZ8Gwx

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1152-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x0007000000014ec4-5.dat	upx
behavioral1/memory/2000-10-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2520-53-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2576-54-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2652-67-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2624-65-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1152-68-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2516-71-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2000-70-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1904-85-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2520-88-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1908-89-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2576-90-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2624-92-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2652-96-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2424-97-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/852-106-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2440-105-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2516-102-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1904-107-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1152-101-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1908-111-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1240-110-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2648-112-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1948-115-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/760-116-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2664-114-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2004-118-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1108-117-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1536-119-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2468-113-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2752-109-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1532-121-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1952-122-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1016-123-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1468-128-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1224-134-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1948-132-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/952-135-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2664-131-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2468-130-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2004-133-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2648-129-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2752-127-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/852-126-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2440-125-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1984-143-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1016-142-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1468-144-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1456-146-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2788-147-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1972-148-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2968-149-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1984-151-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2188-152-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1680-154-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/804-153-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1912-155-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2192-156-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2028-157-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2876-160-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1680-161-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3000-162-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\R:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\V:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\G:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\I:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\M:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\E:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\H:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\K:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\L:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\P:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\S:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\W:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\A:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\B:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\J:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\X:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\N:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\T:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File opened (read-only)	\??\U:	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\lesbian masturbation feet young .avi.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian beastiality bukkake full movie lady (Christine,Curtney).mpg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\cumshot fucking big titts .rar.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\japanese horse sperm full movie (Sarah).mpg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\hardcore public upskirt (Jenna,Melissa).avi.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\swedish cum xxx voyeur hairy (Jenna,Janette).mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish action bukkake lesbian cock .mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian action blowjob hidden titts .avi.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\american beastiality blowjob masturbation .avi.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese cumshot beast [milf] (Karin).avi.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\black cum blowjob catfight glans boots (Sarah).mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\black kicking xxx [bangbus] cock .mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lingerie catfight cock 50+ .mpg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\russian gang bang beast sleeping (Janette).avi.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\danish nude xxx licking shoes (Christine,Janette).rar.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\indian horse blowjob hidden girly .avi.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\trambling voyeur (Samantha).mpg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\bukkake public girly (Sonja,Karin).mpg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\american gang bang beast uncut .rar.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\sperm public feet sweet .mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian cum trambling girls .mpg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lesbian big castration (Britney,Tatjana).zip.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\gay big .zip.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish action hardcore lesbian beautyfull .zip.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\tyrkish handjob trambling voyeur girly .mpg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish nude horse girls (Karin).zip.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\beast hidden bondage (Britney,Samantha).rar.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\japanese nude beast sleeping titts YEâPSè& (Liz).zip.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\italian animal xxx [milf] swallow .mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\brasilian horse gay hot (!) stockings .rar.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\black horse gay [free] 50+ .mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\xxx girls blondie .rar.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish handjob gay hot (!) feet high heels .mpg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling [bangbus] gorgeoushorny (Kathrin,Samantha).rar.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\kicking sperm hot (!) feet .mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\russian fetish hardcore catfight hole .rar.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american kicking lingerie licking glans .mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black action bukkake [bangbus] upskirt .mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lingerie full movie glans bedroom (Samantha).avi.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\indian cum trambling hidden .avi.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\indian animal gay masturbation .zip.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\black action horse girls girly .mpg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian nude horse hidden .mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\hardcore licking cock hotel (Curtney).mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\security\templates\bukkake [milf] .mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian cumshot gay big bedroom (Jenna,Tatjana).zip.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\tyrkish action gay sleeping .mpg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\black horse blowjob [bangbus] ¼ç .zip.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\blowjob [bangbus] cock upskirt .mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\trambling [bangbus] beautyfull .mpg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american cumshot sperm lesbian glans .rar.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian licking glans (Anniston,Karin).mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\american cumshot trambling [free] hole shower (Sylvia).zip.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\russian cumshot sperm [free] .mpeg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian action sperm lesbian titts young (Sylvia).mpg.exe	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 58 IoCs

pid	Process
1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2520	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2576	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2624	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2520	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2652	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2424	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2516	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2576	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1904	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2520	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2624	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1240	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1908	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
760	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1108	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2576	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1536	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1532	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2516	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1952	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2652	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2424	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2440	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
852	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2520	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1904	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2752	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2624	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2648	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1240	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1908	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
760	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2468	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2664	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1108	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1948	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2004	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1224	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2576	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
952	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1016	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1536	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1532	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
1468	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2652	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2788	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
2424	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2000	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	28
PID 1152 wrote to memory of 2000	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	28
PID 1152 wrote to memory of 2000	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	28
PID 1152 wrote to memory of 2000	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	28
PID 1152 wrote to memory of 2520	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	29
PID 1152 wrote to memory of 2520	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	29
PID 1152 wrote to memory of 2520	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	29
PID 1152 wrote to memory of 2520	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	29
PID 2000 wrote to memory of 2576	2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	30
PID 2000 wrote to memory of 2576	2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	30
PID 2000 wrote to memory of 2576	2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	30
PID 2000 wrote to memory of 2576	2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	30
PID 2520 wrote to memory of 2624	2520	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	31
PID 2520 wrote to memory of 2624	2520	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	31
PID 2520 wrote to memory of 2624	2520	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	31
PID 2520 wrote to memory of 2624	2520	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	31
PID 1152 wrote to memory of 2652	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	32
PID 1152 wrote to memory of 2652	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	32
PID 1152 wrote to memory of 2652	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	32
PID 1152 wrote to memory of 2652	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	32
PID 2000 wrote to memory of 2516	2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	33
PID 2000 wrote to memory of 2516	2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	33
PID 2000 wrote to memory of 2516	2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	33
PID 2000 wrote to memory of 2516	2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	33
PID 2576 wrote to memory of 2424	2576	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	34
PID 2576 wrote to memory of 2424	2576	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	34
PID 2576 wrote to memory of 2424	2576	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	34
PID 2576 wrote to memory of 2424	2576	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	34
PID 2520 wrote to memory of 1904	2520	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	35
PID 2520 wrote to memory of 1904	2520	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	35
PID 2520 wrote to memory of 1904	2520	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	35
PID 2520 wrote to memory of 1904	2520	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	35
PID 2624 wrote to memory of 1240	2624	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	36
PID 2624 wrote to memory of 1240	2624	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	36
PID 2624 wrote to memory of 1240	2624	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	36
PID 2624 wrote to memory of 1240	2624	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	36
PID 1152 wrote to memory of 1908	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	37
PID 1152 wrote to memory of 1908	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	37
PID 1152 wrote to memory of 1908	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	37
PID 1152 wrote to memory of 1908	1152	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	37
PID 2576 wrote to memory of 760	2576	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	38
PID 2576 wrote to memory of 760	2576	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	38
PID 2576 wrote to memory of 760	2576	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	38
PID 2576 wrote to memory of 760	2576	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	38
PID 2000 wrote to memory of 1108	2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	39
PID 2000 wrote to memory of 1108	2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	39
PID 2000 wrote to memory of 1108	2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	39
PID 2000 wrote to memory of 1108	2000	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	39
PID 2652 wrote to memory of 1536	2652	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	40
PID 2652 wrote to memory of 1536	2652	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	40
PID 2652 wrote to memory of 1536	2652	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	40
PID 2652 wrote to memory of 1536	2652	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	40
PID 2516 wrote to memory of 1532	2516	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	41
PID 2516 wrote to memory of 1532	2516	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	41
PID 2516 wrote to memory of 1532	2516	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	41
PID 2516 wrote to memory of 1532	2516	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	41
PID 2424 wrote to memory of 1952	2424	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	42
PID 2424 wrote to memory of 1952	2424	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	42
PID 2424 wrote to memory of 1952	2424	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	42
PID 2424 wrote to memory of 1952	2424	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	42
PID 1904 wrote to memory of 2440	1904	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	44
PID 1904 wrote to memory of 2440	1904	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	44
PID 1904 wrote to memory of 2440	1904	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	44
PID 1904 wrote to memory of 2440	1904	176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe	44

C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2000
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        8⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:9688
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:12152
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:12160
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:9908
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:11392
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:10104
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:9944
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:5180
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:9872
- C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:11948
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:240
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:6876
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        7⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:11856
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:852
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:11964
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:11996
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:11924
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:4136
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:5920
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:11424
- C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        6⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:9896
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:11408
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:11956
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4312
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:11400
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:5932
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:9980
- C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1908
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
        5⤵
        
        PID:11916
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:12168
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:12216
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:12264
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:4828
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:6308
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:12272
- C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
      4⤵
      PID:9856
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:3828
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:7180
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:9960
- C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
  2⤵
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:5972
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:1512
- C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
  2⤵
  PID:3452
- - C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
    3⤵
    PID:6580
- C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
  2⤵
  PID:4860
- C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\176c592c62f5101a451913f9be689c20_NeikiAnalytics.exe"
  2⤵
  PID:11436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish action hardcore lesbian beautyfull .zip.exe

Filesize
2.0MB

MD5
b8abfbc1cbc3e122c2325e88d497347c

SHA1
aaec799fde6ceb109fe4668f3a56b840dc737c9b

SHA256
03b0c1f66fc41bcee9710d8f062b9d72c5269b9cfa3b3f0fcc2aa2980c99deb8

SHA512
3df31d2c1a8e0b3e671e2b5087bb0bd9183273831e0ee291044be4825483f4de3a21e321407db11dd10c816a1a10b290135123b6d038d08c3635cd13cde7f368

Download Submit
memory/760-116-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/804-153-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/852-141-0x00000000047B0000-0x00000000047CD000-memory.dmp

Filesize
116KB

Download
memory/852-150-0x00000000047B0000-0x00000000047CD000-memory.dmp

Filesize
116KB

Download
memory/852-126-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/852-106-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/952-135-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1016-123-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1016-142-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1108-179-0x0000000004920000-0x000000000493D000-memory.dmp

Filesize
116KB

Download
memory/1108-183-0x0000000004920000-0x000000000493D000-memory.dmp

Filesize
116KB

Download
memory/1108-117-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1152-51-0x00000000048C0000-0x00000000048DD000-memory.dmp

Filesize
116KB

Download
memory/1152-69-0x00000000045F0000-0x000000000460D000-memory.dmp

Filesize
116KB

Download
memory/1152-68-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1152-84-0x00000000048C0000-0x00000000048DD000-memory.dmp

Filesize
116KB

Download
memory/1152-101-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1152-66-0x00000000048C0000-0x00000000048DD000-memory.dmp

Filesize
116KB

Download
memory/1152-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1152-178-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1152-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1224-207-0x0000000004A70000-0x0000000004A8D000-memory.dmp

Filesize
116KB

Download
memory/1224-168-0x00000000044E0000-0x00000000044FD000-memory.dmp

Filesize
116KB

Download
memory/1224-134-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1240-110-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1456-146-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1468-128-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1468-144-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1532-121-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1532-199-0x00000000045F0000-0x000000000460D000-memory.dmp

Filesize
116KB

Download
memory/1536-119-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1680-161-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1680-154-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1904-85-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1904-145-0x0000000004910000-0x000000000492D000-memory.dmp

Filesize
116KB

Download
memory/1904-124-0x00000000047D0000-0x00000000047ED000-memory.dmp

Filesize
116KB

Download
memory/1904-103-0x00000000047D0000-0x00000000047ED000-memory.dmp

Filesize
116KB

Download
memory/1904-107-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1908-89-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1908-111-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1912-155-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1912-204-0x0000000001DE0000-0x0000000001DFD000-memory.dmp

Filesize
116KB

Download
memory/1948-167-0x0000000004800000-0x000000000481D000-memory.dmp

Filesize
116KB

Download
memory/1948-115-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1948-132-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1952-122-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1972-148-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1984-143-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1984-151-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2000-52-0x00000000045C0000-0x00000000045DD000-memory.dmp

Filesize
116KB

Download
memory/2000-87-0x00000000045C0000-0x00000000045DD000-memory.dmp

Filesize
116KB

Download
memory/2000-10-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2000-70-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2004-133-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2004-118-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2004-217-0x0000000004920000-0x000000000493D000-memory.dmp

Filesize
116KB

Download
memory/2028-157-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2188-152-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2192-156-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2424-97-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2440-216-0x0000000004920000-0x000000000493D000-memory.dmp

Filesize
116KB

Download
memory/2440-105-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2440-125-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2468-113-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2468-130-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2468-205-0x0000000004A60000-0x0000000004A7D000-memory.dmp

Filesize
116KB

Download
memory/2468-201-0x0000000004A60000-0x0000000004A7D000-memory.dmp

Filesize
116KB

Download
memory/2516-102-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2516-71-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2520-88-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2520-91-0x00000000044B0000-0x00000000044CD000-memory.dmp

Filesize
116KB

Download
memory/2520-210-0x0000000004500000-0x000000000451D000-memory.dmp

Filesize
116KB

Download
memory/2520-104-0x00000000044F0000-0x000000000450D000-memory.dmp

Filesize
116KB

Download
memory/2520-53-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2532-211-0x0000000004680000-0x000000000469D000-memory.dmp

Filesize
116KB

Download
memory/2576-90-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2576-54-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2624-86-0x00000000047D0000-0x00000000047ED000-memory.dmp

Filesize
116KB

Download
memory/2624-92-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2624-108-0x00000000047D0000-0x00000000047ED000-memory.dmp

Filesize
116KB

Download
memory/2624-65-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2648-129-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2648-112-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2652-200-0x0000000004920000-0x000000000493D000-memory.dmp

Filesize
116KB

Download
memory/2652-96-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2652-67-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2664-131-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2664-114-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2752-109-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2752-127-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2788-171-0x0000000004900000-0x000000000491D000-memory.dmp

Filesize
116KB

Download
memory/2788-147-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2876-160-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2912-208-0x00000000047D0000-0x00000000047ED000-memory.dmp

Filesize
116KB

Download
memory/2968-149-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3000-206-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/3000-209-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/3000-162-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3628-198-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download