a243f2d890bde6cb21a897ec49632781c28c198eff5fb87817aae8ba297e66d7

Analysis

max time kernel
35s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
Size

591KB
MD5

06b659c4fd176e2dcc6a481d3aead46f
SHA1

d54838f2eeaf742e7ebbb08bbed47ee8b5696048
SHA256

a243f2d890bde6cb21a897ec49632781c28c198eff5fb87817aae8ba297e66d7
SHA512

fab37a03036229a895b2fd0d2d95cf786f9670e35a4895ac8e2f2ed14682c669c70544646546258716e33e826dfa337c4dd7693bdcc797de9c47abbbbe27344a
SSDEEP

12288:gEQoShF+ngG7cY6S7AVLYMl3hEAlgs3icItk48ADpHXymUNHZ:gx+gPYh5Ml3plF3otIA9HCTNZ

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2072-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x0007000000016c7a-5.dat	upx
behavioral1/memory/2620-63-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2620-91-0x0000000004AB0000-0x0000000004AD0000-memory.dmp	upx
behavioral1/memory/1428-92-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1824-93-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1536-95-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2072-96-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1716-99-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2620-98-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1592-101-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2620-100-0x0000000004AB0000-0x0000000004AD0000-memory.dmp	upx
behavioral1/memory/1428-102-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1824-103-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1728-107-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1536-106-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1552-109-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1716-108-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2756-104-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2212-113-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1592-112-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2072-111-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/848-114-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1204-119-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/536-117-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1552-124-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1068-121-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2360-122-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1000-116-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2364-125-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3064-129-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2252-128-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/448-127-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2212-126-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/844-123-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1256-132-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1296-131-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2248-130-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2316-133-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2008-139-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1892-138-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1964-137-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1068-136-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1204-135-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2264-142-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2164-143-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2832-144-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/448-146-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3064-147-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2340-152-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/904-150-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1256-149-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1296-148-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2008-156-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1892-155-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1964-154-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2164-157-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2832-158-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1504-160-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2644-161-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2300-162-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2712-164-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2592-163-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2516-165-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\K:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\L:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\O:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\P:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\S:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\U:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\A:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\E:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\G:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\J:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\X:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\H:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\M:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\N:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\B:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\R:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\T:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\V:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File opened (read-only)	\??\W:	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\animal sperm big .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\cumshot [milf] (Kathrin).avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob fetish girls beautyfull .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie voyeur gorgeoushorny .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\british bukkake horse uncut .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gang bang lesbian hole blondie .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian horse cumshot several models girly .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\xxx lesbian .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian horse kicking licking redhair (Melissa).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\african action animal several models castration .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\xxx hot (!) nipples beautyfull .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\russian kicking action lesbian ash .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\trambling uncut cock shoes .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\african bukkake sleeping .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\fetish licking vagina granny .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\french horse blowjob licking feet .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\chinese lesbian animal licking black hairunshaved (Anniston,Karin).avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\blowjob catfight glans .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese lingerie cum lesbian legs .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\danish blowjob lesbian girls .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\beast hot (!) (Sonja,Karin).mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\japanese lesbian sleeping boobs .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\chinese cum public swallow .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\beastiality big .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\horse big boobs young .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\blowjob uncut .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\indian cumshot blowjob several models swallow .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\french handjob bukkake several models ash .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\chinese handjob bukkake voyeur glans .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\hardcore blowjob girls .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\canadian trambling handjob several models glans (Sonja,Melissa).avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\action cum masturbation glans mature .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\danish gay hidden cock .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\african gang bang gay hot (!) pregnant .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\trambling horse [free] 40+ .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\british cumshot horse big boobs mistress .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\swedish animal lesbian .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\asian horse fucking [bangbus] castration .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\cum full movie feet (Sandy).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\spanish gay fetish catfight sweet (Sylvia,Sonja).mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\spanish lingerie horse girls (Anniston).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\xxx fucking [bangbus] .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\french xxx horse catfight latex (Janette,Jenna).zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\horse big ejaculation .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\beastiality big .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\cum nude full movie .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\lingerie gay full movie high heels .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\security\templates\lesbian [milf] (Tatjana,Jade).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\lingerie full movie (Samantha).zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\hardcore hardcore catfight cock (Tatjana).zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\gang bang horse hidden titts .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\blowjob lingerie masturbation circumcision .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\brasilian fetish cumshot voyeur swallow (Kathrin).mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\nude lesbian [bangbus] penetration (Kathrin,Janette).mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\african xxx uncut .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\swedish lesbian lesbian licking feet bedroom .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\cumshot blowjob voyeur .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\horse sleeping feet swallow (Sonja,Melissa).zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\lingerie bukkake hidden feet sm .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\french kicking horse voyeur feet balls .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\danish fucking sperm hidden (Liz).mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\fucking masturbation redhair .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\norwegian blowjob several models hole .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\indian lingerie fucking big .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\sperm full movie .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\norwegian horse cumshot masturbation titts (Liz,Sonja).mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\brasilian cumshot girls .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\fucking handjob [milf] penetration .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\trambling catfight .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\fetish uncut glans hairy (Sonja).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\fetish trambling lesbian ash black hairunshaved .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\handjob gang bang masturbation .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\french handjob bukkake sleeping (Kathrin,Britney).mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\Temp\lingerie catfight young .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\porn beast girls .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\blowjob kicking licking boobs shower .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\hardcore gang bang girls ash shower .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\fetish catfight shoes .rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\InstallTemp\african horse [milf] cock granny .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\beast trambling lesbian titts wifey .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\tyrkish animal handjob big .mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\hardcore full movie shower (Jenna).rar.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\brasilian xxx catfight girly (Gina).mpeg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\spanish blowjob action [free] 40+ .avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian gay lesbian ash (Sarah).avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\french beastiality kicking masturbation cock ash .zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\cumshot horse [milf] hotel .mpg.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\canadian action [bangbus] (Curtney,Sonja).avi.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\brasilian porn public (Janette,Sarah).zip.exe	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1428	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1824	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2756	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1728	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1536	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1716	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1428	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1824	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1592	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1000	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2756	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1728	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
536	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2360	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1428	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1824	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
844	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1552	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2364	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1536	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1716	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2212	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2252	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2316	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2248	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1592	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1204	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1068	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1728	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2756	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1824	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2264	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
448	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
536	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1000	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1428	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
844	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1256	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
3064	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1296	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2360	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
904	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2340	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1964	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1892	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1536	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2008	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1552	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2364	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
1716	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
2832	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2620	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	28
PID 2072 wrote to memory of 2620	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	28
PID 2072 wrote to memory of 2620	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	28
PID 2072 wrote to memory of 2620	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	28
PID 2620 wrote to memory of 1428	2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	29
PID 2620 wrote to memory of 1428	2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	29
PID 2620 wrote to memory of 1428	2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	29
PID 2620 wrote to memory of 1428	2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	29
PID 2072 wrote to memory of 1824	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	30
PID 2072 wrote to memory of 1824	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	30
PID 2072 wrote to memory of 1824	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	30
PID 2072 wrote to memory of 1824	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	30
PID 1428 wrote to memory of 2756	1428	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	31
PID 1428 wrote to memory of 2756	1428	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	31
PID 1428 wrote to memory of 2756	1428	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	31
PID 1428 wrote to memory of 2756	1428	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	31
PID 1824 wrote to memory of 1536	1824	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	32
PID 1824 wrote to memory of 1536	1824	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	32
PID 1824 wrote to memory of 1536	1824	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	32
PID 1824 wrote to memory of 1536	1824	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	32
PID 2620 wrote to memory of 1728	2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	33
PID 2620 wrote to memory of 1728	2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	33
PID 2620 wrote to memory of 1728	2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	33
PID 2620 wrote to memory of 1728	2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	33
PID 2072 wrote to memory of 1716	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	34
PID 2072 wrote to memory of 1716	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	34
PID 2072 wrote to memory of 1716	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	34
PID 2072 wrote to memory of 1716	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	34
PID 2756 wrote to memory of 1592	2756	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	35
PID 2756 wrote to memory of 1592	2756	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	35
PID 2756 wrote to memory of 1592	2756	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	35
PID 2756 wrote to memory of 1592	2756	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	35
PID 1728 wrote to memory of 848	1728	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	36
PID 1728 wrote to memory of 848	1728	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	36
PID 1728 wrote to memory of 848	1728	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	36
PID 1728 wrote to memory of 848	1728	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	36
PID 1428 wrote to memory of 1000	1428	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	37
PID 1428 wrote to memory of 1000	1428	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	37
PID 1428 wrote to memory of 1000	1428	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	37
PID 1428 wrote to memory of 1000	1428	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	37
PID 1824 wrote to memory of 536	1824	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	38
PID 1824 wrote to memory of 536	1824	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	38
PID 1824 wrote to memory of 536	1824	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	38
PID 1824 wrote to memory of 536	1824	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	38
PID 1716 wrote to memory of 1552	1716	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	39
PID 1716 wrote to memory of 1552	1716	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	39
PID 1716 wrote to memory of 1552	1716	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	39
PID 1716 wrote to memory of 1552	1716	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	39
PID 1536 wrote to memory of 2360	1536	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	40
PID 1536 wrote to memory of 2360	1536	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	40
PID 1536 wrote to memory of 2360	1536	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	40
PID 1536 wrote to memory of 2360	1536	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	40
PID 2072 wrote to memory of 2364	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	41
PID 2072 wrote to memory of 2364	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	41
PID 2072 wrote to memory of 2364	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	41
PID 2072 wrote to memory of 2364	2072	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	41
PID 2620 wrote to memory of 844	2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	42
PID 2620 wrote to memory of 844	2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	42
PID 2620 wrote to memory of 844	2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	42
PID 2620 wrote to memory of 844	2620	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	42
PID 848 wrote to memory of 2212	848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	43
PID 848 wrote to memory of 2212	848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	43
PID 848 wrote to memory of 2212	848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	43
PID 848 wrote to memory of 2212	848	06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe	43

C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        9⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        9⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        9⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        9⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        9⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        9⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:16980
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:18256
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:18116
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16552
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:18456
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:19100
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:18464
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:18196
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:11536
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16560
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:18980
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:18888
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:18776
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:17544
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17076
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17020
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16536
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:13296
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:18708
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16940
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:19092
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16828
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:20060
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:14508
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:9508
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:17172
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16792
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17200
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:19108
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:18768
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:14792
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16368
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:18948
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17060
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:18172
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16892
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:7368
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11424
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:844
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:19404
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:14912
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:18896
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:18156
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17536
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18920
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:904
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11440
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16908
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16956
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11348
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:9136
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16600
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:14164
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11436
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:5328
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:8492
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:14864
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:18472
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1824
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        8⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17624
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:18912
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:18700
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:19076
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:18756
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:18188
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:18720
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16624
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:536
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:20044
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:20028
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17100
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16948
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:7388
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:14884
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:10880
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:18784
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:18928
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11652
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:14576
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:10372
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16816
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:19396
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16872
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16584
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:7844
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:16932
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        7⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14820
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:17028
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:18632
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18124
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:17164
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:13484
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18748
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16884
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:13444
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11644
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:5920
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:9096
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:16988
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2364
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        6⤵
        
        PID:18264
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:14556
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:11664
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:17052
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:13464
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18692
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:13528
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18740
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:5880
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:9204
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:16800
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
        5⤵
        
        PID:9944
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:11620
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18904
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:5988
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:9120
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:17092
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:16632
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
      4⤵
      PID:18180
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:7852
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:16964
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  PID:3556
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:6092
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:9212
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:16360
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:12088
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  PID:4996
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:9980
- - C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
    3⤵
    PID:16640
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  PID:7392
- C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\06b659c4fd176e2dcc6a481d3aead46f_NeikiAnalytics.exe"
  2⤵
  PID:16576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\chinese cum public swallow .avi.exe

Filesize
167KB

MD5
5d7528d0b4a988627330a384994b42d9

SHA1
83a749241a25b10c0ac9caf44b37ee1eb1b91476

SHA256
36601bc9faab2f9aee185cf4e7df5a0f3fada9e9b9985efb9cc7bb39f2b76028

SHA512
f266590ff67856712b395b4ab19b4e30dfad53c15616b160051a29cee6609c2cdb9024a96e2123b40296276a66983a95e1cba400c3dd41d688af00a22f1fc34c

Download Submit
C:\debug.txt

Filesize
183B

MD5
8918a606407056baef3af8f14dd655b8

SHA1
6ee6b9bda6d9a79f609c80b75f6deea10ad53a65

SHA256
6b665f9cc6cd7e15609096f1a7859eb87984818cd5885db2194f8b351cf40bd3

SHA512
5dfe4d38026a77c5d1c8e8987aa18db4d84ed5ce0ffda827c90a73849cef48587cddba701287d19dbc90ae3cd405f16ce70ca5716296f79285242f42e8346f30

Download Submit
memory/448-127-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/448-146-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/536-117-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/844-123-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/848-114-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/904-150-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/904-175-0x0000000005050000-0x0000000005070000-memory.dmp

Filesize
128KB

Download
memory/1000-116-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1000-118-0x0000000004DD0000-0x0000000004DF0000-memory.dmp

Filesize
128KB

Download
memory/1000-134-0x0000000004DD0000-0x0000000004DF0000-memory.dmp

Filesize
128KB

Download
memory/1068-136-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1068-121-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1204-119-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1204-135-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1256-132-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1256-149-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1296-131-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1296-148-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1428-102-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1428-120-0x00000000045D0000-0x00000000045F0000-memory.dmp

Filesize
128KB

Download
memory/1428-94-0x00000000045C0000-0x00000000045E0000-memory.dmp

Filesize
128KB

Download
memory/1428-92-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1504-160-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1536-151-0x0000000004590000-0x00000000045B0000-memory.dmp

Filesize
128KB

Download
memory/1536-106-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1536-95-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1536-166-0x0000000004AC0000-0x0000000004AE0000-memory.dmp

Filesize
128KB

Download
memory/1552-109-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1552-124-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1592-112-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1592-101-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1716-99-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1716-105-0x0000000004A90000-0x0000000004AB0000-memory.dmp

Filesize
128KB

Download
memory/1716-108-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1728-107-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1740-172-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1824-93-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1824-115-0x0000000004F10000-0x0000000004F30000-memory.dmp

Filesize
128KB

Download
memory/1824-103-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1892-155-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1892-138-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1920-174-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1964-154-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1964-137-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2008-156-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2008-139-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2072-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2072-352-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2072-62-0x0000000004C80000-0x0000000004CA0000-memory.dmp

Filesize
128KB

Download
memory/2072-97-0x0000000004C80000-0x0000000004CA0000-memory.dmp

Filesize
128KB

Download
memory/2072-141-0x0000000004E80000-0x0000000004EA0000-memory.dmp

Filesize
128KB

Download
memory/2072-96-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2072-111-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2072-219-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2160-169-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2164-143-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2164-157-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2212-126-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2212-159-0x0000000004F10000-0x0000000004F30000-memory.dmp

Filesize
128KB

Download
memory/2212-113-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2212-145-0x0000000004F10000-0x0000000004F30000-memory.dmp

Filesize
128KB

Download
memory/2248-130-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2252-128-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2264-142-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2300-162-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2316-133-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2340-152-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2360-122-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2364-125-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2460-180-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2492-171-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2516-165-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2592-163-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2620-63-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2620-100-0x0000000004AB0000-0x0000000004AD0000-memory.dmp

Filesize
128KB

Download
memory/2620-98-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2620-91-0x0000000004AB0000-0x0000000004AD0000-memory.dmp

Filesize
128KB

Download
memory/2644-161-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2700-179-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2712-164-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2716-178-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2756-104-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2756-153-0x00000000044F0000-0x0000000004510000-memory.dmp

Filesize
128KB

Download
memory/2832-158-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2832-144-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2844-177-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2848-173-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3064-129-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3064-176-0x0000000000530000-0x0000000000550000-memory.dmp

Filesize
128KB

Download
memory/3064-147-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3064-170-0x0000000000530000-0x0000000000550000-memory.dmp

Filesize
128KB

Download
memory/3108-181-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3136-182-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3152-183-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3200-184-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3316-186-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3332-187-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3360-188-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3504-185-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download