ad9c0185cddd3c37d6fb9831a059dbb4d0890873f95a72f62112f1d8264f6340

Analysis

max time kernel
27s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 00:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
Size

928KB
MD5

287b255a964cac22f1b3eaf40d66d400
SHA1

53f1652e09da85e31134a4190d8878b752b5b709
SHA256

ad9c0185cddd3c37d6fb9831a059dbb4d0890873f95a72f62112f1d8264f6340
SHA512

d75052c1bab0b46b882ec64c168057bb5fff2204934319221635d55f1c13f47f25eb5083fc866d84b1eae89e522d5db2a589324e162b16e27315194993b0e8f7
SSDEEP

24576:VOSIzJzZYMMF6oghoggP5NwlL6ZpT39Q0s4JASO0:lIzpaMxoghNgPjwlmZiAAX0

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2512-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/files/0x0007000000014726-5.dat	upx
behavioral1/memory/2464-59-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3020-89-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2800-92-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2620-94-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2308-95-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1200-96-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1696-98-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2512-97-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2308-111-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2660-107-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1692-105-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2672-104-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2992-110-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1200-113-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2620-109-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2800-108-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3020-103-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1740-101-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2464-100-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2092-115-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2512-116-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2524-118-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1740-117-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/488-119-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1304-121-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1692-120-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2660-122-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/816-123-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2992-124-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1144-125-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2092-127-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1824-126-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/816-135-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1304-134-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2236-133-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/488-132-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2076-131-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1252-130-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2524-129-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2948-128-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1144-136-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1136-138-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2076-140-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1252-139-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2236-143-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/320-147-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1932-145-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2764-150-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2852-153-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2728-156-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2900-154-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1944-155-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1804-152-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1172-151-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1868-148-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2264-163-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2696-162-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2428-161-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2688-160-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2476-159-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2116-157-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2296-158-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\T:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\W:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\X:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\G:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\H:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\I:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\J:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\K:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\L:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\A:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\B:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\S:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\U:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\E:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\M:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\R:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\V:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\O:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File opened (read-only)	\??\P:	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\japanese kicking kicking voyeur .mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fetish nude voyeur cock (Janette).avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian kicking licking (Sarah).mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\british horse lingerie sleeping .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\british fucking hardcore [milf] glans upskirt .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\norwegian beastiality porn catfight vagina bedroom .avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore cumshot [free] legs girly (Jade).avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian fetish voyeur vagina penetration .mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\black nude catfight boots .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\african lesbian lesbian .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\asian cum several models pregnant .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\russian fetish several models balls (Sarah,Sandy).avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian porn lesbian (Christine,Kathrin).zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\lesbian [milf] cock (Sonja,Sylvia).zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\trambling cum full movie .mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\canadian lesbian porn full movie cock upskirt (Christine).rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\chinese hardcore masturbation cock pregnant (Tatjana,Jenna).mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\norwegian beastiality girls ejaculation (Tatjana,Liz).zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\chinese animal big vagina .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\black cum blowjob full movie feet wifey .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\british lingerie big penetration .mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\german horse public boobs shower .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\gang bang uncut legs .mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\spanish handjob catfight hairy (Ashley,Sonja).avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\african beastiality beastiality [bangbus] castration .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\british lingerie voyeur hotel .mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\beastiality horse public leather .avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\beastiality porn [milf] .mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\chinese beastiality lesbian [milf] .mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\french gang bang [milf] young .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\swedish animal lesbian swallow .avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\italian nude masturbation .mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\cum [free] boobs .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\tyrkish horse sperm hot (!) .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lesbian hidden vagina .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\animal sperm masturbation titts ìï (Jade).rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\spanish animal animal masturbation (Curtney,Janette).zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\gang bang public balls .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\handjob gay several models .mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian beast licking (Samantha,Sylvia).rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\african lingerie several models nipples 50+ .avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\malaysia trambling hardcore big glans YEâPSè& .mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\japanese gang bang sleeping hole leather (Jade).avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\lesbian fucking several models balls .mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\italian blowjob big glans mistress .mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\italian hardcore cum [milf] hotel .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\norwegian kicking licking nipples 40+ (Tatjana).rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\horse [bangbus] young .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\kicking lesbian legs (Gina,Ashley).mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\danish trambling uncut cock .mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\asian porn [milf] boobs blondie .avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\chinese fetish public boobs .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\sperm [free] titts stockings .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\asian blowjob blowjob uncut young .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\hardcore nude [milf] traffic .mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\brasilian horse beast girls titts beautyfull .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\fetish beastiality catfight legs .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\cumshot uncut ash (Sandy,Sylvia).zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\security\templates\british xxx beastiality public (Curtney).avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\nude sleeping granny (Tatjana).mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\kicking animal catfight .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\italian gay beastiality licking fishy .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\chinese hardcore beast voyeur glans blondie (Sylvia,Tatjana).zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\swedish horse cum full movie vagina .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\gang bang kicking [free] shoes .mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\horse horse [free] .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\italian xxx porn girls (Liz).mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese cum catfight boobs (Samantha,Anniston).rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\blowjob hardcore hot (!) hole .mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\italian gang bang horse hot (!) high heels .mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\black lingerie cum voyeur .mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\tyrkish animal sperm voyeur balls .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\gang bang action masturbation .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\russian trambling cumshot hot (!) ejaculation (Karin,Melissa).mpg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\norwegian cum lingerie voyeur hotel (Christine).avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\african action kicking full movie .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish animal licking (Jade,Kathrin).rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\asian trambling beastiality girls black hairunshaved .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\african nude uncut .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\trambling [bangbus] ash (Jenna,Christine).avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\danish trambling [milf] .avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\gay licking boots .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\french sperm fetish catfight femdom .mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\InstallTemp\brasilian handjob several models legs high heels (Sandy).avi.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\malaysia beast animal full movie titts .rar.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\indian hardcore cumshot voyeur hole .mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\german lingerie full movie gorgeoushorny (Kathrin,Tatjana).mpeg.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\asian kicking gay hidden balls .zip.exe	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
3020	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2672	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2800	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2620	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2308	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1200	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
3020	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2672	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1696	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2800	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1740	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1692	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2660	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2308	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
3020	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2992	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2672	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1200	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2948	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1824	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2092	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2620	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2524	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
488	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1696	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1304	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
816	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2800	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1252	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1136	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2308	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2076	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1144	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1740	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
3020	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2236	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2236	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2660	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2660	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1692	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1692	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1200	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1200	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2992	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2992	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1868	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1868	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1804	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1804	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1172	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
1172	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
2672	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2464	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	28
PID 2512 wrote to memory of 2464	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	28
PID 2512 wrote to memory of 2464	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	28
PID 2512 wrote to memory of 2464	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	28
PID 2464 wrote to memory of 3020	2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	29
PID 2464 wrote to memory of 3020	2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	29
PID 2464 wrote to memory of 3020	2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	29
PID 2464 wrote to memory of 3020	2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	29
PID 2512 wrote to memory of 2672	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	30
PID 2512 wrote to memory of 2672	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	30
PID 2512 wrote to memory of 2672	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	30
PID 2512 wrote to memory of 2672	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	30
PID 3020 wrote to memory of 2800	3020	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	31
PID 3020 wrote to memory of 2800	3020	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	31
PID 3020 wrote to memory of 2800	3020	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	31
PID 3020 wrote to memory of 2800	3020	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	31
PID 2464 wrote to memory of 2620	2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	32
PID 2464 wrote to memory of 2620	2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	32
PID 2464 wrote to memory of 2620	2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	32
PID 2464 wrote to memory of 2620	2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	32
PID 2672 wrote to memory of 2308	2672	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	33
PID 2672 wrote to memory of 2308	2672	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	33
PID 2672 wrote to memory of 2308	2672	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	33
PID 2672 wrote to memory of 2308	2672	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	33
PID 2512 wrote to memory of 1200	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	34
PID 2512 wrote to memory of 1200	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	34
PID 2512 wrote to memory of 1200	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	34
PID 2512 wrote to memory of 1200	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	34
PID 2800 wrote to memory of 1696	2800	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	35
PID 2800 wrote to memory of 1696	2800	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	35
PID 2800 wrote to memory of 1696	2800	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	35
PID 2800 wrote to memory of 1696	2800	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	35
PID 2464 wrote to memory of 1740	2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	37
PID 2464 wrote to memory of 1740	2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	37
PID 2464 wrote to memory of 1740	2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	37
PID 2464 wrote to memory of 1740	2464	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	37
PID 2308 wrote to memory of 1692	2308	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	36
PID 2308 wrote to memory of 1692	2308	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	36
PID 2308 wrote to memory of 1692	2308	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	36
PID 2308 wrote to memory of 1692	2308	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	36
PID 3020 wrote to memory of 2660	3020	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	38
PID 3020 wrote to memory of 2660	3020	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	38
PID 3020 wrote to memory of 2660	3020	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	38
PID 3020 wrote to memory of 2660	3020	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	38
PID 2672 wrote to memory of 2992	2672	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	39
PID 2672 wrote to memory of 2992	2672	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	39
PID 2672 wrote to memory of 2992	2672	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	39
PID 2672 wrote to memory of 2992	2672	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	39
PID 2512 wrote to memory of 1824	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	40
PID 2512 wrote to memory of 1824	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	40
PID 2512 wrote to memory of 1824	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	40
PID 2512 wrote to memory of 1824	2512	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	40
PID 2620 wrote to memory of 2948	2620	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	41
PID 2620 wrote to memory of 2948	2620	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	41
PID 2620 wrote to memory of 2948	2620	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	41
PID 2620 wrote to memory of 2948	2620	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	41
PID 1200 wrote to memory of 2092	1200	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	42
PID 1200 wrote to memory of 2092	1200	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	42
PID 1200 wrote to memory of 2092	1200	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	42
PID 1200 wrote to memory of 2092	1200	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	42
PID 1696 wrote to memory of 2524	1696	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	43
PID 1696 wrote to memory of 2524	1696	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	43
PID 1696 wrote to memory of 2524	1696	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	43
PID 1696 wrote to memory of 2524	1696	287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe	43

C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        9⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        10⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        9⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        9⤵
        
        PID:17464
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        9⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        9⤵
        
        PID:19932
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:18636
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        9⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        9⤵
        
        PID:18404
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:17444
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:19656
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        9⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        9⤵
        
        PID:19236
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:19948
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:19260
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:19712
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:488
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        9⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        9⤵
        
        PID:19608
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:19552
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:19864
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:16700
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:19924
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19212
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:19856
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19752
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19228
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:14128
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:21272
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:19728
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:19184
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:18668
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:17384
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19568
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19956
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10832
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:21296
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19940
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:18644
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:20332
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19560
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:20160
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:17912
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19540
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19244
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:8284
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:16704
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:19476
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:19876
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:21288
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19736
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:10552
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:18712
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:19584
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:21280
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:18720
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:16912
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:12156
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:17404
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:19220
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:21304
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:19500
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:19492
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19900
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:17412
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:18424
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:18656
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:16876
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19996
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19196
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19532
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19204
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19484
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:18380
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:12164
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:18368
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:18692
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:16964
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:21472
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:19460
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:7748
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:17396
- C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:14136
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19744
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:17208
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:20960
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:20836
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:20880
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:17280
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:20176
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:20324
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19252
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:20312
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19848
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19972
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19616
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:16944
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:20012
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:18700
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19468
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:16936
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:156
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:18620
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19964
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:17436
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:21464
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19720
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:932
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:19576
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:18676
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:6812
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:18296
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:10720
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:12776
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:5828
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:9180
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:19592
- C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1200
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        7⤵
        
        PID:19980
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19892
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:20888
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:19764
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:20184
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:17420
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:19988
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:20224
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:20168
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:9660
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:19508
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:20192
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:8196
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:19648
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:16972
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:10924
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:13992
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:7828
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:17368
- C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        6⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19832
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19912
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:20004
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:19884
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:11468
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:18628
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:19600
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:6324
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:10568
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:19524
- C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
        5⤵
        
        PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:11768
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:11808
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:16952
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:6204
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:10100
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:20040
- C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
  2⤵
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:8388
  - - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
      4⤵
      PID:19840
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:6852
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:10712
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:14224
- C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
  2⤵
  PID:3564
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:7304
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:11008
- - C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
    3⤵
    PID:19516
- C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
  2⤵
  PID:5988
- C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
  2⤵
  PID:8664
- C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\287b255a964cac22f1b3eaf40d66d400_NeikiAnalytics.exe"
  2⤵
  PID:18612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\spanish handjob catfight hairy (Ashley,Sonja).avi.exe

Filesize
940KB

MD5
3b34cb492fb02eba31dd445f5d0804aa

SHA1
dd457d7e017816f88061763b5903d26a03ea8a9c

SHA256
4e9edb972564978bdd0a0c6ff79c1ea167f9f3b718c5f152cf02e9dcdb3ba6d3

SHA512
130e4ec2c124be3108c13eb72465af8342f42192591f25ea6585291d37b1620f60831d0337319737ef0b0bb17c64f35431fbed3fc798f42947aaa5b70bab70be

Download Submit
memory/320-168-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/320-147-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/488-164-0x0000000001E90000-0x0000000001EAE000-memory.dmp

Filesize
120KB

Download
memory/488-132-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/488-144-0x0000000001E90000-0x0000000001EAE000-memory.dmp

Filesize
120KB

Download
memory/488-119-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/816-135-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/816-123-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1136-138-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1144-125-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1144-136-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1172-151-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1200-96-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1200-113-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1252-139-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1252-130-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1304-170-0x0000000004540000-0x000000000455E000-memory.dmp

Filesize
120KB

Download
memory/1304-121-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1304-134-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1304-149-0x0000000004540000-0x000000000455E000-memory.dmp

Filesize
120KB

Download
memory/1692-120-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1692-105-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1696-98-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1696-166-0x00000000047D0000-0x00000000047EE000-memory.dmp

Filesize
120KB

Download
memory/1696-146-0x00000000047D0000-0x00000000047EE000-memory.dmp

Filesize
120KB

Download
memory/1704-169-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1740-101-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1740-117-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1804-152-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1824-137-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/1824-126-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1868-148-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1868-181-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/1932-145-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1932-165-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1944-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2076-131-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2076-140-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2092-115-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2092-127-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2116-157-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2236-133-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2236-143-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2264-163-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2296-158-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2296-175-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2308-95-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2308-111-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2424-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2428-178-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2428-161-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2444-180-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2460-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2464-102-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2464-59-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2464-93-0x0000000005050000-0x000000000506E000-memory.dmp

Filesize
120KB

Download
memory/2464-100-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2464-88-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2476-176-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2476-159-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2512-97-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2512-305-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2512-58-0x0000000001E20000-0x0000000001E3E000-memory.dmp

Filesize
120KB

Download
memory/2512-112-0x0000000004630000-0x000000000464E000-memory.dmp

Filesize
120KB

Download
memory/2512-116-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2512-99-0x0000000001E20000-0x0000000001E3E000-memory.dmp

Filesize
120KB

Download
memory/2512-486-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2512-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2524-118-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2524-129-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2620-94-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2620-109-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2660-122-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2660-107-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2672-104-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2688-177-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2688-160-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2696-179-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2696-162-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2728-173-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2728-156-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2740-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2764-150-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2764-171-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2800-108-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2800-92-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2800-114-0x0000000004B90000-0x0000000004BAE000-memory.dmp

Filesize
120KB

Download
memory/2852-172-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2852-153-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2880-174-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2900-154-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2948-128-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2992-110-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2992-167-0x0000000002110000-0x000000000212E000-memory.dmp

Filesize
120KB

Download
memory/2992-124-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3020-89-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3020-91-0x00000000046D0000-0x00000000046EE000-memory.dmp

Filesize
120KB

Download
memory/3020-103-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3020-106-0x00000000046D0000-0x00000000046EE000-memory.dmp

Filesize
120KB

Download