f27d2fae6b3839ea442c63354ad68be5714a3dc4974c8367211e54a86fea6a62

Analysis

max time kernel
23s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
Size

821KB
MD5

c04f3e8305d716dfe959f5e1481d77a0
SHA1

7805690c0525f44fb663269d9581dd9093e405c9
SHA256

f27d2fae6b3839ea442c63354ad68be5714a3dc4974c8367211e54a86fea6a62
SHA512

de38edafce02aa38f803ce927512d90f7e2437a66541136fb87ec28a520707372cf419db199bd08d8949f6a6375806a9b2d5569d9761a87c1348936a0fb7f20e
SSDEEP

12288:0EQoSCG2bT2gnPc8hAWyNoa6irY/ejMjTyDcEQRTY8off0hHOS9/t0fXj0Meh:0CvcDXNoa6ic/2iTyDART430ES12w

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3048-10-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/files/0x0007000000015c69-5.dat	upx
behavioral1/memory/2172-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3040-55-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1972-71-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/556-72-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1492-73-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2844-68-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2008-91-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2172-92-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3040-95-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3048-94-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2560-96-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2844-97-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/556-101-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1972-100-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1492-102-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2008-104-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1080-106-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2172-107-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1920-111-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2700-112-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2736-109-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1892-116-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2232-115-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1900-117-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2236-118-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1100-120-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1656-125-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2736-126-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1816-128-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2776-130-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1900-131-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1892-132-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2984-135-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1056-133-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2016-136-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1560-137-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2952-138-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1620-139-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1820-140-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/980-141-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2480-142-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2884-143-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1932-146-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2244-147-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/876-148-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2480-149-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2160-150-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2276-151-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2620-152-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2552-153-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2760-154-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2564-155-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2172-168-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3100-171-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3156-172-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1816-179-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/808-180-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3636-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2172-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\K:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish beastiality bukkake [free] feet .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\japanese gang bang sperm hidden sweet .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese fetish lingerie full movie .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\american beastiality fucking girls stockings .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\russian kicking horse licking titts upskirt .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\nude fucking [milf] feet .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\black animal gay [free] feet shower (Karin).zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian gang bang lingerie several models Ôë .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian cumshot lesbian public (Liz).avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\black gang bang bukkake catfight latex .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lesbian masturbation wifey .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\italian animal lingerie several models ash .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\lesbian hot (!) shower .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\swedish cum gay [free] balls .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\sperm several models hole .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\trambling [free] shower .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\sperm [bangbus] 50+ .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\lesbian hot (!) cock femdom (Sylvia).avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\lesbian licking beautyfull .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\indian beastiality horse public feet stockings .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\italian handjob beast [free] hotel .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay several models lady .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian action trambling licking hole beautyfull .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian nude bukkake girls titts .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\italian action gay big swallow .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Drops file in Windows directory 52 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\trambling [free] redhair .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx masturbation leather .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish beastiality lesbian [milf] titts mistress .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish beastiality bukkake uncut glans ash .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\action xxx big shoes .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\chinese fucking lesbian blondie .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\italian kicking hardcore masturbation cock mistress .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\japanese horse trambling hidden hole circumcision .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\lesbian girls swallow .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\malaysia gay catfight titts sweet .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\gay full movie Ôë .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\swedish handjob bukkake [bangbus] feet femdom (Jade).mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish handjob hardcore licking upskirt (Anniston,Samantha).mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\italian gang bang gay girls cock .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\trambling girls leather (Jenna,Samantha).zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\hardcore [milf] hotel .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish action blowjob [milf] .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\asian trambling several models glans ìï .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\trambling masturbation .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\italian kicking fucking [bangbus] cock gorgeoushorny (Karin).rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\lingerie girls cock fishy .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lingerie sleeping 50+ .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\blowjob voyeur (Karin).mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\fetish blowjob girls titts fishy (Jade).mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\fucking masturbation castration .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\animal trambling [bangbus] upskirt (Anniston,Liz).mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\russian horse beast licking sweet .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\gang bang fucking masturbation cock (Sonja,Liz).rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\fetish fucking masturbation mistress .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\lingerie catfight leather .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\american fetish bukkake licking hole (Christine,Janette).mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\canadian gay lesbian wifey .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\asian gay [bangbus] .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\brasilian beastiality sperm hidden .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian kicking bukkake [milf] hole hotel .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\danish cum xxx sleeping glans YEâPSè& (Sylvia).zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black horse gay lesbian titts sm .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\lesbian [milf] mature .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\brasilian horse horse full movie feet hotel .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\tyrkish animal beast voyeur hairy .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\brasilian nude lesbian [milf] feet .rar.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\russian beastiality blowjob uncut titts mistress (Sylvia).mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese kicking lesbian catfight sweet .mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\cum gay [milf] titts castration .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian beastiality xxx several models titts mistress (Jade).avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\danish nude bukkake hidden (Curtney).mpeg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\lingerie girls girly .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\japanese fetish beast girls cock penetration .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\danish beastiality xxx sleeping titts .mpg.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\black cumshot lingerie [bangbus] titts latex .zip.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\hardcore big glans latex .avi.exe	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3040	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1972	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2844	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
556	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3040	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1080	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2008	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1972	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1920	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2844	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2700	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2232	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2236	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1100	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1656	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3040	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
556	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2736	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1080	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2008	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2776	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1892	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1900	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1972	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2844	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1056	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1920	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2984	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2700	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2016	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1816	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
808	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2232	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2952	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1620	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1820	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2236	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
980	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2884	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
3040	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
556	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1932	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1100	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1100	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
1656	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 3048	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	28
PID 2172 wrote to memory of 3048	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	28
PID 2172 wrote to memory of 3048	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	28
PID 2172 wrote to memory of 3048	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	28
PID 3048 wrote to memory of 3040	3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	29
PID 3048 wrote to memory of 3040	3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	29
PID 3048 wrote to memory of 3040	3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	29
PID 3048 wrote to memory of 3040	3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	29
PID 2172 wrote to memory of 2560	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	30
PID 2172 wrote to memory of 2560	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	30
PID 2172 wrote to memory of 2560	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	30
PID 2172 wrote to memory of 2560	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	30
PID 3040 wrote to memory of 2844	3040	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	31
PID 3040 wrote to memory of 2844	3040	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	31
PID 3040 wrote to memory of 2844	3040	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	31
PID 3040 wrote to memory of 2844	3040	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	31
PID 2560 wrote to memory of 1972	2560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	32
PID 2560 wrote to memory of 1972	2560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	32
PID 2560 wrote to memory of 1972	2560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	32
PID 2560 wrote to memory of 1972	2560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	32
PID 3048 wrote to memory of 556	3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	33
PID 3048 wrote to memory of 556	3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	33
PID 3048 wrote to memory of 556	3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	33
PID 3048 wrote to memory of 556	3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	33
PID 2172 wrote to memory of 1492	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	34
PID 2172 wrote to memory of 1492	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	34
PID 2172 wrote to memory of 1492	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	34
PID 2172 wrote to memory of 1492	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	34
PID 2844 wrote to memory of 2008	2844	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	35
PID 2844 wrote to memory of 2008	2844	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	35
PID 2844 wrote to memory of 2008	2844	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	35
PID 2844 wrote to memory of 2008	2844	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	35
PID 1972 wrote to memory of 1080	1972	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	36
PID 1972 wrote to memory of 1080	1972	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	36
PID 1972 wrote to memory of 1080	1972	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	36
PID 1972 wrote to memory of 1080	1972	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	36
PID 2560 wrote to memory of 1920	2560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	37
PID 2560 wrote to memory of 1920	2560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	37
PID 2560 wrote to memory of 1920	2560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	37
PID 2560 wrote to memory of 1920	2560	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	37
PID 3048 wrote to memory of 2700	3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	38
PID 3048 wrote to memory of 2700	3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	38
PID 3048 wrote to memory of 2700	3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	38
PID 3048 wrote to memory of 2700	3048	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	38
PID 3040 wrote to memory of 2232	3040	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	39
PID 3040 wrote to memory of 2232	3040	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	39
PID 3040 wrote to memory of 2232	3040	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	39
PID 3040 wrote to memory of 2232	3040	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	39
PID 2172 wrote to memory of 2236	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	40
PID 2172 wrote to memory of 2236	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	40
PID 2172 wrote to memory of 2236	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	40
PID 2172 wrote to memory of 2236	2172	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	40
PID 1492 wrote to memory of 1100	1492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	41
PID 1492 wrote to memory of 1100	1492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	41
PID 1492 wrote to memory of 1100	1492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	41
PID 1492 wrote to memory of 1100	1492	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	41
PID 556 wrote to memory of 1656	556	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	42
PID 556 wrote to memory of 1656	556	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	42
PID 556 wrote to memory of 1656	556	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	42
PID 556 wrote to memory of 1656	556	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	42
PID 1080 wrote to memory of 2736	1080	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	43
PID 1080 wrote to memory of 2736	1080	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	43
PID 1080 wrote to memory of 2736	1080	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	43
PID 1080 wrote to memory of 2736	1080	c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe	43

C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3048
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        9⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        9⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        9⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        9⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9500
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9140
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9532
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9628
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:556
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10052
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9156
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9248
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9460
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9836
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9108
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9548
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10012
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9052
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:808
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:1948
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:8960
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9732
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9348
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:10268
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:9076
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10132
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:904
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9916
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:10068
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        8⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9884
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9332
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9340
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9588
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9428
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9956
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9844
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:9556
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1492
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        7⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9924
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10776
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:10036
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9356
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9292
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:10784
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:10028
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10236
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        6⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9492
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9068
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9636
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9204
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:10392
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:10808
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:9096
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:10436
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
        5⤵
        
        PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:10060
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:9468
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
      4⤵
      PID:9748
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:9660
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  PID:3856
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:2044
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  PID:5928
- - C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
    3⤵
    PID:9908
- C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\c04f3e8305d716dfe959f5e1481d77a0_NeikiAnalytics.exe"
  2⤵
  PID:10172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\italian action trambling licking hole beautyfull .zip.exe

Filesize
2.0MB

MD5
0fc6a3a8e0fa1f5dc766206112928946

SHA1
fe24fcef85611d879b5848dc57c4e2746817abb1

SHA256
428c62e34e55b86130a78b89306f492173563ce1436f3cdd1aa3ddf1a0aeaa52

SHA512
0308038953a320bf07867b3b24752110cef139aea6feddbde4c3b9f5cfdce519161f67a1eb5bf88900df0d3df860bcd9d1be06c242b60217a61a839eddc5979b

Download Submit
memory/556-101-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/556-72-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/808-180-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/840-226-0x0000000001E90000-0x0000000001EAE000-memory.dmp

Filesize
120KB

Download
memory/876-148-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/980-225-0x0000000004540000-0x000000000455E000-memory.dmp

Filesize
120KB

Download
memory/980-141-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1056-133-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1080-209-0x00000000045E0000-0x00000000045FE000-memory.dmp

Filesize
120KB

Download
memory/1080-201-0x00000000045E0000-0x00000000045FE000-memory.dmp

Filesize
120KB

Download
memory/1080-106-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1100-120-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1100-194-0x00000000045E0000-0x00000000045FE000-memory.dmp

Filesize
120KB

Download
memory/1100-200-0x00000000045E0000-0x00000000045FE000-memory.dmp

Filesize
120KB

Download
memory/1492-102-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1492-73-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1560-137-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1560-202-0x0000000004A60000-0x0000000004A7E000-memory.dmp

Filesize
120KB

Download
memory/1620-139-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1656-199-0x0000000004620000-0x000000000463E000-memory.dmp

Filesize
120KB

Download
memory/1656-125-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1816-203-0x0000000004A60000-0x0000000004A7E000-memory.dmp

Filesize
120KB

Download
memory/1816-220-0x0000000004A60000-0x0000000004A7E000-memory.dmp

Filesize
120KB

Download
memory/1816-179-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1816-128-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1820-140-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1820-216-0x0000000004930000-0x000000000494E000-memory.dmp

Filesize
120KB

Download
memory/1892-116-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1892-132-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1900-131-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1900-117-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1900-227-0x0000000004960000-0x000000000497E000-memory.dmp

Filesize
120KB

Download
memory/1920-111-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1932-146-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1972-100-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1972-71-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1972-224-0x0000000004A60000-0x0000000004A7E000-memory.dmp

Filesize
120KB

Download
memory/1972-90-0x00000000047D0000-0x00000000047EE000-memory.dmp

Filesize
120KB

Download
memory/1972-210-0x0000000004A60000-0x0000000004A7E000-memory.dmp

Filesize
120KB

Download
memory/1972-105-0x00000000047D0000-0x00000000047EE000-memory.dmp

Filesize
120KB

Download
memory/2008-91-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2008-110-0x00000000045C0000-0x00000000045DE000-memory.dmp

Filesize
120KB

Download
memory/2008-104-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2008-127-0x00000000045C0000-0x00000000045DE000-memory.dmp

Filesize
120KB

Download
memory/2016-136-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2016-205-0x0000000004920000-0x000000000493E000-memory.dmp

Filesize
120KB

Download
memory/2016-221-0x0000000004920000-0x000000000493E000-memory.dmp

Filesize
120KB

Download
memory/2160-150-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2172-70-0x0000000004A80000-0x0000000004A9E000-memory.dmp

Filesize
120KB

Download
memory/2172-92-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2172-107-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2172-168-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2172-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2172-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2172-99-0x0000000004A80000-0x0000000004A9E000-memory.dmp

Filesize
120KB

Download
memory/2232-115-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2236-118-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2244-147-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2260-228-0x0000000004580000-0x000000000459E000-memory.dmp

Filesize
120KB

Download
memory/2276-193-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/2276-151-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2364-214-0x0000000001E50000-0x0000000001E6E000-memory.dmp

Filesize
120KB

Download
memory/2364-229-0x0000000001E50000-0x0000000001E6E000-memory.dmp

Filesize
120KB

Download
memory/2480-149-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2480-142-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2552-153-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2560-108-0x0000000004A50000-0x0000000004A6E000-memory.dmp

Filesize
120KB

Download
memory/2560-96-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2560-93-0x0000000004A50000-0x0000000004A6E000-memory.dmp

Filesize
120KB

Download
memory/2564-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2620-152-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2700-134-0x0000000004900000-0x000000000491E000-memory.dmp

Filesize
120KB

Download
memory/2700-112-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2736-109-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2736-126-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2760-204-0x0000000001E10000-0x0000000001E2E000-memory.dmp

Filesize
120KB

Download
memory/2760-154-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2776-130-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2776-219-0x0000000004920000-0x000000000493E000-memory.dmp

Filesize
120KB

Download
memory/2836-223-0x00000000045C0000-0x00000000045DE000-memory.dmp

Filesize
120KB

Download
memory/2844-68-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2844-103-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/2844-97-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2844-89-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/2844-215-0x0000000004920000-0x000000000493E000-memory.dmp

Filesize
120KB

Download
memory/2884-143-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2952-138-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2984-135-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2984-192-0x0000000004A60000-0x0000000004A7E000-memory.dmp

Filesize
120KB

Download
memory/2984-186-0x0000000004A60000-0x0000000004A7E000-memory.dmp

Filesize
120KB

Download
memory/3040-55-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3040-95-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3040-67-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/3048-54-0x0000000000530000-0x000000000054E000-memory.dmp

Filesize
120KB

Download
memory/3048-69-0x0000000004A70000-0x0000000004A8E000-memory.dmp

Filesize
120KB

Download
memory/3048-98-0x0000000004A70000-0x0000000004A8E000-memory.dmp

Filesize
120KB

Download
memory/3048-10-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3048-94-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3100-171-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3156-172-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3636-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download