969f828f8e61f6b7bcb6977501890768b173385d75fc3f473fcb8e46cce8bbdf

Analysis

max time kernel
18s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 05:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
Size

2.0MB
MD5

852830550ce417ac2d2f167e105fa4c0
SHA1

8431d315df6c32d1199235455a4709bfaa3fdbeb
SHA256

969f828f8e61f6b7bcb6977501890768b173385d75fc3f473fcb8e46cce8bbdf
SHA512

2609802a4f0ebaa6e6bb5162caea2b5d045c53bd26555ffd1ce8f50e8dc43b2c6c187f5c28603687bbba13ebdaa572792d35a2548ca485ed7c6eebfabbd361e1
SSDEEP

24576:CA3MtJ6VNaGwckWbmIcj2WXfKxCMKFDXD+7GMe3yRDLvypPn1ADXmjVQ1U1WONWZ:d+mgckAmvzMUDXxMevn1ADCQ+qBz

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2660-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x0007000000015cb9-5.dat	upx
behavioral1/memory/2944-17-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2512-57-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1696-58-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/804-73-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/800-72-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2660-71-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/936-74-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2324-70-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2944-91-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2324-96-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/680-99-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/804-98-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/800-97-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1684-101-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/936-100-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1696-94-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2136-93-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2512-92-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2296-114-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1792-112-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2552-117-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1848-116-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3020-115-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2136-111-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2660-110-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1696-113-0x0000000004910000-0x000000000492F000-memory.dmp	upx
behavioral1/memory/1140-119-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2188-121-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1684-120-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/680-118-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1968-122-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1548-124-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1252-123-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1740-127-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2304-128-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1764-131-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1316-130-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2964-129-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1792-126-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2012-135-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2156-134-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/524-133-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2552-132-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2348-138-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2096-140-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2844-144-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1548-143-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1740-145-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3028-142-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1604-141-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2188-139-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1140-137-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2576-146-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2304-147-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2964-148-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1316-149-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2004-151-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2908-150-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/368-152-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2012-153-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2348-154-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2900-159-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\black cum public vagina .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish action masturbation bedroom (Sonja,Kathrin).avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\german lingerie kicking hot (!) lady .zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\american horse big cock .mpeg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\fetish [free] (Anniston,Liz).rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american gay uncut legs \× (Sonja,Ashley).mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\african xxx full movie circumcision .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\kicking hidden latex .rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\trambling sperm hidden girly .avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fucking hardcore hidden .avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\danish gay trambling masturbation feet ash .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\asian porn xxx voyeur ash mature .avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\tyrkish action [milf] (Tatjana,Sonja).rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\malaysia lesbian hardcore full movie .zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\african lingerie hidden mistress .zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\bukkake voyeur vagina (Christine).rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lingerie beastiality licking .zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\beast gang bang [bangbus] blondie (Karin,Sarah).mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\gay gang bang full movie mistress .rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\chinese porn blowjob [milf] feet hairy .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\trambling [milf] sm (Sonja,Kathrin).avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\cum [free] hotel .mpeg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\animal hidden legs wifey .rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\fetish porn catfight YEâPSè& (Janette,Sylvia).rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\gang bang several models granny .mpeg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\spanish lingerie several models .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\brasilian beastiality public black hairunshaved (Karin).avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\cumshot several models cock granny .zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\canadian lingerie hardcore [bangbus] beautyfull .avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\indian nude cum catfight .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\beast hidden ash .rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\spanish animal public glans .mpeg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\handjob girls cock .zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\lesbian kicking [bangbus] boobs .rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\asian beast horse big vagina girly .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\tyrkish sperm lesbian hole sm .avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\bukkake lingerie several models ash (Jade,Jenna).avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\lingerie catfight .avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\spanish fetish girls cock young .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\spanish handjob kicking public nipples .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse trambling [milf] boobs .rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\russian blowjob catfight .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\italian sperm lesbian boobs .zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish blowjob animal uncut .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\tyrkish cum handjob girls .zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\russian handjob uncut boots .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\french cumshot full movie leather .rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\hardcore fucking hidden traffic .avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\action xxx licking cock .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish beast licking legs blondie .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\french lingerie nude hot (!) (Liz).rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\malaysia lesbian horse several models ejaculation (Britney).mpeg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\spanish horse sperm several models latex (Karin,Kathrin).mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\kicking lesbian ¼ç .avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\bukkake kicking lesbian lady (Curtney).mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\fetish uncut vagina .rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\brasilian trambling hidden .zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\sperm fetish public ash .mpeg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\swedish beastiality gay [milf] (Jenna).mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\canadian cumshot lingerie uncut redhair .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\german beastiality hardcore hot (!) granny (Sonja).zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\lingerie [bangbus] boots (Britney).mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\asian animal gang bang voyeur high heels .zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american nude voyeur pregnant (Liz).mpeg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian hardcore girls ash (Sonja,Sarah).mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\brasilian kicking nude licking traffic .rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\brasilian horse animal masturbation swallow .mpeg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\swedish action porn full movie circumcision .rar.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\kicking [bangbus] .avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\spanish lesbian trambling [bangbus] ejaculation .zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\african lingerie several models upskirt .mpg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\swedish fetish cumshot girls femdom (Kathrin).mpeg.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\beast cum public latex .zip.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\norwegian animal sperm several models penetration (Britney).avi.exe	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2512	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1696	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2324	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
800	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1696	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
804	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
936	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2512	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2136	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1696	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
800	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2296	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
3020	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
680	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
936	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1968	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1848	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2324	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1252	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1684	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
804	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2512	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1792	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1764	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2552	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
800	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1696	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2136	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
936	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2156	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
524	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2188	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
680	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1140	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1548	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
3020	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
3020	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1740	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1740	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2304	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2304	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1684	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1684	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
804	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
804	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1968	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1968	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2964	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2964	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2324	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
2324	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
1316	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2944	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	28
PID 2660 wrote to memory of 2944	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	28
PID 2660 wrote to memory of 2944	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	28
PID 2660 wrote to memory of 2944	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	28
PID 2944 wrote to memory of 2512	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	29
PID 2944 wrote to memory of 2512	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	29
PID 2944 wrote to memory of 2512	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	29
PID 2944 wrote to memory of 2512	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	29
PID 2660 wrote to memory of 1696	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	30
PID 2660 wrote to memory of 1696	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	30
PID 2660 wrote to memory of 1696	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	30
PID 2660 wrote to memory of 1696	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	30
PID 2944 wrote to memory of 800	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	32
PID 2944 wrote to memory of 800	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	32
PID 2944 wrote to memory of 800	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	32
PID 2944 wrote to memory of 800	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	32
PID 1696 wrote to memory of 2324	1696	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	31
PID 1696 wrote to memory of 2324	1696	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	31
PID 1696 wrote to memory of 2324	1696	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	31
PID 1696 wrote to memory of 2324	1696	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	31
PID 2660 wrote to memory of 804	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	33
PID 2660 wrote to memory of 804	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	33
PID 2660 wrote to memory of 804	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	33
PID 2660 wrote to memory of 804	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	33
PID 2512 wrote to memory of 936	2512	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	34
PID 2512 wrote to memory of 936	2512	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	34
PID 2512 wrote to memory of 936	2512	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	34
PID 2512 wrote to memory of 936	2512	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	34
PID 2944 wrote to memory of 2136	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	36
PID 2944 wrote to memory of 2136	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	36
PID 2944 wrote to memory of 2136	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	36
PID 2944 wrote to memory of 2136	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	36
PID 1696 wrote to memory of 2296	1696	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	37
PID 1696 wrote to memory of 2296	1696	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	37
PID 1696 wrote to memory of 2296	1696	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	37
PID 1696 wrote to memory of 2296	1696	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	37
PID 800 wrote to memory of 3020	800	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	35
PID 800 wrote to memory of 3020	800	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	35
PID 800 wrote to memory of 3020	800	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	35
PID 800 wrote to memory of 3020	800	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	35
PID 2660 wrote to memory of 680	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	38
PID 2660 wrote to memory of 680	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	38
PID 2660 wrote to memory of 680	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	38
PID 2660 wrote to memory of 680	2660	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	38
PID 2324 wrote to memory of 1848	2324	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	39
PID 2324 wrote to memory of 1848	2324	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	39
PID 2324 wrote to memory of 1848	2324	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	39
PID 2324 wrote to memory of 1848	2324	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	39
PID 936 wrote to memory of 1968	936	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	40
PID 936 wrote to memory of 1968	936	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	40
PID 936 wrote to memory of 1968	936	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	40
PID 936 wrote to memory of 1968	936	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	40
PID 804 wrote to memory of 1684	804	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	41
PID 804 wrote to memory of 1684	804	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	41
PID 804 wrote to memory of 1684	804	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	41
PID 804 wrote to memory of 1684	804	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	41
PID 2512 wrote to memory of 1252	2512	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	42
PID 2512 wrote to memory of 1252	2512	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	42
PID 2512 wrote to memory of 1252	2512	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	42
PID 2512 wrote to memory of 1252	2512	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	42
PID 2944 wrote to memory of 1792	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	43
PID 2944 wrote to memory of 1792	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	43
PID 2944 wrote to memory of 1792	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	43
PID 2944 wrote to memory of 1792	2944	852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe	43

C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2944
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        9⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        9⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11284
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:368
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11816
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11424
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:800
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12188
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11948
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:916
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11752
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12156
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11416
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11832
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12252
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:12284
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7908
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11608
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11432
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:4656
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11768
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:5476
- C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11544
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12220
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11196
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12116
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:5704
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12092
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11384
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11440
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11872
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:2776
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12260
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:12164
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11940
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:11272
- C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:804
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        7⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7844
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11616
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12132
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11588
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11408
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:12212
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11864
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:12108
- C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:680
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        6⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:7060
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:11632
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:12044
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11996
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:7212
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:7104
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:11808
- C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
        5⤵
        
        PID:12052
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11696
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:6196
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:11760
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:7700
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:11912
- C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
  2⤵
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:7048
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:6464
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:7580
- C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
  2⤵
  PID:3604
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
      4⤵
      PID:7520
- - C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
    3⤵
    PID:12036
- C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
  2⤵
  PID:5332
- C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\852830550ce417ac2d2f167e105fa4c0_NeikiAnalytics.exe"
  2⤵
  PID:11536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\animal hidden legs wifey .rar.exe

Filesize
821KB

MD5
4c82112ee95c497d5e29c7e152221929

SHA1
282dfcb56d01ea2f58c5e97beae12ddd42f70f8c

SHA256
16588ba80dd1818c7459c5d5d9f98799140025f65978a4627f45f8adf776579a

SHA512
4ffcee10f352a094ce5fdc27edc22289009feafe55b65b424b6a93bdf5574a04d6dd6a161b35eee6e955c533672c929b6192a9c931596715573355898d608d00

Download Submit
memory/368-152-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/524-133-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/544-179-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/680-99-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/680-118-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/800-97-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/800-155-0x00000000045D0000-0x00000000045EF000-memory.dmp

Filesize
124KB

Download
memory/800-72-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/804-73-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/804-203-0x00000000046E0000-0x00000000046FF000-memory.dmp

Filesize
124KB

Download
memory/804-98-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/804-167-0x00000000046E0000-0x00000000046FF000-memory.dmp

Filesize
124KB

Download
memory/936-100-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/936-74-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1104-176-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1140-168-0x0000000001EC0000-0x0000000001EDF000-memory.dmp

Filesize
124KB

Download
memory/1140-119-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1140-137-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1252-123-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1316-130-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1316-149-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1344-177-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1528-178-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1548-124-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1548-143-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1604-157-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1604-141-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1684-101-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1684-204-0x0000000004920000-0x000000000493F000-memory.dmp

Filesize
124KB

Download
memory/1684-120-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1696-95-0x0000000004900000-0x000000000491F000-memory.dmp

Filesize
124KB

Download
memory/1696-68-0x0000000004900000-0x000000000491F000-memory.dmp

Filesize
124KB

Download
memory/1696-58-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1696-113-0x0000000004910000-0x000000000492F000-memory.dmp

Filesize
124KB

Download
memory/1696-94-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1740-127-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1740-145-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1740-184-0x00000000047C0000-0x00000000047DF000-memory.dmp

Filesize
124KB

Download
memory/1764-131-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1792-112-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1792-126-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1848-116-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1968-122-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2004-151-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2012-153-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2012-135-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2096-156-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2096-140-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2136-93-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2136-111-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2156-134-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2188-139-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2188-121-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2296-114-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2304-128-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2304-147-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2324-70-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2324-96-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2340-172-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2348-154-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2348-138-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2444-171-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2448-170-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2452-175-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2496-173-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2512-92-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2512-57-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2536-166-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2552-117-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2552-132-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2556-169-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2576-146-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2588-161-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2660-110-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2660-273-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2660-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2660-16-0x00000000055C0000-0x00000000055DF000-memory.dmp

Filesize
124KB

Download
memory/2660-193-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2660-71-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2660-90-0x00000000055C0000-0x00000000055DF000-memory.dmp

Filesize
124KB

Download
memory/2844-160-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2844-144-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2900-159-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2908-150-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2944-56-0x0000000004A40000-0x0000000004A5F000-memory.dmp

Filesize
124KB

Download
memory/2944-125-0x0000000004A60000-0x0000000004A7F000-memory.dmp

Filesize
124KB

Download
memory/2944-69-0x0000000004A50000-0x0000000004A6F000-memory.dmp

Filesize
124KB

Download
memory/2944-91-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2944-102-0x0000000004A50000-0x0000000004A6F000-memory.dmp

Filesize
124KB

Download
memory/2944-17-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2964-148-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2964-129-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3020-115-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3020-174-0x00000000047D0000-0x00000000047EF000-memory.dmp

Filesize
124KB

Download
memory/3020-164-0x00000000047D0000-0x00000000047EF000-memory.dmp

Filesize
124KB

Download
memory/3028-142-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3028-158-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3048-165-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3552-199-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download