98a3f6fb935ee4545d7e3a74ac705178d6b4c660d9effdbc81c76de6a58074c6

Analysis

max time kernel
17s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
Size

1.3MB
MD5

9f220256e21a1c85851115f4e4967f00
SHA1

22f649d88bb1b6b7c12abcc8496ba5b53cc2e4df
SHA256

98a3f6fb935ee4545d7e3a74ac705178d6b4c660d9effdbc81c76de6a58074c6
SHA512

e4b37ae7d15a32893037010d09b4d52996f6ac680a7ae8773d716a77b2ca955d92df2e67f65f40d91bad62c441116f896c47f90e6489b0280247eef154b06132
SSDEEP

24576:gfp0LV38tvzMFXiiPx3JpqIbLKyXu+5xeOuWXG6xX:op0BstvzEzPx5cI/X/0OZXD

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2168-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x0007000000015cb9-5.dat	upx
behavioral1/memory/2688-54-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2168-64-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3004-66-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2088-65-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2684-73-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1096-74-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/276-78-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2436-77-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2688-75-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2000-84-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2460-83-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2312-82-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1848-79-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3004-87-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2016-86-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/772-99-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2168-98-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/752-101-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2484-103-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1096-102-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2120-106-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2284-110-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2312-114-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2016-115-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1848-111-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2000-116-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/276-109-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2432-108-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3016-107-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1648-117-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1600-118-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/920-120-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/752-121-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2484-123-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2432-125-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3016-124-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2284-129-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1468-130-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2368-131-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2492-132-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/960-133-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2936-137-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1352-136-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/888-138-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2188-139-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2844-140-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2196-142-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1568-143-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2936-145-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2072-151-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2716-156-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3020-158-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3000-159-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2536-160-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2168-173-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3228-185-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3696-189-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3688-195-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/4020-211-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/4012-210-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/4032-212-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/4040-213-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\V:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\E:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\G:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\I:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\L:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\P:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\B:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\R:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\X:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\A:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\K:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\O:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\T:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\W:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\H:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\J:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\M:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\N:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File opened (read-only)	\??\U:	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\italian lesbian voyeur legs penetration .avi.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian horse beast uncut vagina .avi.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish porn several models granny .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish kicking full movie upskirt .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay hidden .rar.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\beastiality lingerie hot (!) titts hotel .mpeg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish xxx kicking sleeping ash .zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\beastiality cumshot licking shoes .rar.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\norwegian hardcore handjob full movie .avi.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\shared\french handjob fucking several models stockings .zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\action handjob lesbian beautyfull .zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\sperm [bangbus] circumcision (Sonja).mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\indian kicking full movie beautyfull .avi.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\kicking [milf] sm .zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\swedish fetish girls legs latex .rar.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\handjob [milf] vagina traffic .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\cumshot big boobs granny .mpeg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\swedish bukkake action catfight .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\trambling kicking licking titts (Ashley).mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\chinese porn hidden sm (Curtney,Sonja).mpeg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\chinese porn blowjob lesbian upskirt .mpeg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian fetish catfight blondie (Curtney).zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\porn licking (Melissa,Sandy).rar.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\handjob girls glans ash .rar.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\spanish horse animal masturbation (Janette).rar.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\cumshot girls boobs .mpeg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\french gang bang public .avi.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\african horse hot (!) .zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\porn licking titts shoes .mpeg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\danish horse xxx voyeur .zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\spanish trambling cum lesbian vagina redhair (Sonja).zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\cumshot public nipples fishy .zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\asian gang bang lesbian [free] fishy .mpeg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\french porn action big (Sylvia,Janette).avi.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\swedish kicking [milf] young (Jade,Tatjana).rar.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\swedish horse sleeping shoes .rar.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\asian fetish [free] (Christine).rar.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish trambling fetish [milf] mature .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish bukkake horse [milf] (Kathrin,Britney).mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\canadian cumshot public .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\cumshot uncut .zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\french action beast hot (!) pregnant (Sonja).avi.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\horse kicking uncut feet .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\hardcore [bangbus] granny .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese lingerie licking 40+ .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\security\templates\xxx xxx girls feet shower .mpeg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian cumshot masturbation .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\british action hidden feet black hairunshaved (Sylvia).rar.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\gang bang hidden (Sarah).zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse hidden blondie .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\canadian kicking uncut .zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\norwegian sperm sleeping glans granny .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\animal big sm .zip.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\sperm hidden granny .mpg.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\lesbian action full movie titts .rar.exe	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2688	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2436	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2460	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
3004	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
772	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2688	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
1096	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
276	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2460	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
1848	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2436	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2312	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2000	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
772	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2016	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2688	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
1600	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
1648	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
3004	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
920	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
752	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
1096	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2484	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2460	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2284	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
3016	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2120	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2436	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
772	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2432	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2492	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2368	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
1468	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
960	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
1352	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
276	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
1848	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2312	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2000	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2688	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
888	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2844	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2188	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2188	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
3004	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
3004	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2196	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
2196	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
1600	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2088	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 2088	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 2088	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 2088	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 2684	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	29
PID 2168 wrote to memory of 2684	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	29
PID 2168 wrote to memory of 2684	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	29
PID 2168 wrote to memory of 2684	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	29
PID 2088 wrote to memory of 2688	2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	30
PID 2088 wrote to memory of 2688	2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	30
PID 2088 wrote to memory of 2688	2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	30
PID 2088 wrote to memory of 2688	2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	30
PID 2684 wrote to memory of 2436	2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	31
PID 2684 wrote to memory of 2436	2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	31
PID 2684 wrote to memory of 2436	2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	31
PID 2684 wrote to memory of 2436	2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	31
PID 2168 wrote to memory of 2460	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	32
PID 2168 wrote to memory of 2460	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	32
PID 2168 wrote to memory of 2460	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	32
PID 2168 wrote to memory of 2460	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	32
PID 2088 wrote to memory of 3004	2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	33
PID 2088 wrote to memory of 3004	2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	33
PID 2088 wrote to memory of 3004	2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	33
PID 2088 wrote to memory of 3004	2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	33
PID 2688 wrote to memory of 772	2688	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	34
PID 2688 wrote to memory of 772	2688	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	34
PID 2688 wrote to memory of 772	2688	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	34
PID 2688 wrote to memory of 772	2688	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	34
PID 2684 wrote to memory of 1096	2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	35
PID 2684 wrote to memory of 1096	2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	35
PID 2684 wrote to memory of 1096	2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	35
PID 2684 wrote to memory of 1096	2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	35
PID 2168 wrote to memory of 276	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	36
PID 2168 wrote to memory of 276	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	36
PID 2168 wrote to memory of 276	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	36
PID 2168 wrote to memory of 276	2168	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	36
PID 2436 wrote to memory of 1848	2436	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	37
PID 2436 wrote to memory of 1848	2436	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	37
PID 2436 wrote to memory of 1848	2436	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	37
PID 2436 wrote to memory of 1848	2436	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	37
PID 2460 wrote to memory of 2000	2460	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	38
PID 2460 wrote to memory of 2000	2460	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	38
PID 2460 wrote to memory of 2000	2460	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	38
PID 2460 wrote to memory of 2000	2460	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	38
PID 2088 wrote to memory of 2312	2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	39
PID 2088 wrote to memory of 2312	2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	39
PID 2088 wrote to memory of 2312	2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	39
PID 2088 wrote to memory of 2312	2088	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	39
PID 772 wrote to memory of 1648	772	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	40
PID 772 wrote to memory of 1648	772	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	40
PID 772 wrote to memory of 1648	772	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	40
PID 772 wrote to memory of 1648	772	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	40
PID 2688 wrote to memory of 2016	2688	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	41
PID 2688 wrote to memory of 2016	2688	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	41
PID 2688 wrote to memory of 2016	2688	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	41
PID 2688 wrote to memory of 2016	2688	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	41
PID 3004 wrote to memory of 1600	3004	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	42
PID 3004 wrote to memory of 1600	3004	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	42
PID 3004 wrote to memory of 1600	3004	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	42
PID 3004 wrote to memory of 1600	3004	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	42
PID 2684 wrote to memory of 920	2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	43
PID 2684 wrote to memory of 920	2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	43
PID 2684 wrote to memory of 920	2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	43
PID 2684 wrote to memory of 920	2684	9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe	43

C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        8⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:11336
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:10880
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:796
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:5188
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:10816
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:5824
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:8396
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:6128
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:5984
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:4708
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:6612
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:10508
- C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        7⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:11152
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:9000
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:8636
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:6080
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:7740
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:10840
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:10904
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:4348
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:6104
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:7128
- C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        6⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:9308
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:9956
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:5208
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:9880
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:8384
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:4508
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:4156
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:5228
- C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:276
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
        5⤵
        
        PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:8392
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:6904
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:6824
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:5564
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:10440
- C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:7684
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
      4⤵
      PID:7968
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:5108
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:8024
- C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
  2⤵
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:3916
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:5668
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:9860
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:8884
- C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
  2⤵
  PID:3272
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:6364
- - C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
    3⤵
    PID:7408
- C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
  2⤵
  PID:4752
- C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9f220256e21a1c85851115f4e4967f00_NeikiAnalytics.exe"
  2⤵
  PID:7748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\chinese porn hidden sm (Curtney,Sonja).mpeg.exe

Filesize
892KB

MD5
ca31aa6a593b5ecdc68d753532b0b773

SHA1
d0b13076ba6b5f0bfe9be82c05868ac1961bc675

SHA256
57b2b4677347a811e6fe27a0e4684828f3a04312048307b3288f2d11e18180b4

SHA512
67dd2bcca5fa04bca59ee3af8464de3c19ee365c63f728e948b53a656fc2cab7961b55ac72794fa4805329d76f2f70e5f9cc8b46b2613af2c5f450f1eaf68003

Download Submit
memory/276-78-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/276-109-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/580-215-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/752-121-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/752-101-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/772-99-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/888-138-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/920-120-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/920-214-0x0000000004920000-0x0000000004940000-memory.dmp

Filesize
128KB

Download
memory/960-133-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-222-0x0000000004920000-0x0000000004940000-memory.dmp

Filesize
128KB

Download
memory/1096-219-0x0000000004930000-0x0000000004950000-memory.dmp

Filesize
128KB

Download
memory/1096-144-0x00000000045D0000-0x00000000045F0000-memory.dmp

Filesize
128KB

Download
memory/1096-74-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1096-135-0x00000000045D0000-0x00000000045F0000-memory.dmp

Filesize
128KB

Download
memory/1096-102-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1096-100-0x0000000004570000-0x0000000004590000-memory.dmp

Filesize
128KB

Download
memory/1096-119-0x0000000004570000-0x0000000004590000-memory.dmp

Filesize
128KB

Download
memory/1352-216-0x0000000004A60000-0x0000000004A80000-memory.dmp

Filesize
128KB

Download
memory/1352-136-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1468-217-0x00000000045E0000-0x0000000004600000-memory.dmp

Filesize
128KB

Download
memory/1468-130-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1468-201-0x00000000045E0000-0x0000000004600000-memory.dmp

Filesize
128KB

Download
memory/1568-143-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1600-118-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1648-117-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1728-203-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/1728-221-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/1848-79-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1848-111-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2000-84-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2000-116-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2016-141-0x0000000001E80000-0x0000000001EA0000-memory.dmp

Filesize
128KB

Download
memory/2016-86-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2016-115-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2072-194-0x00000000047B0000-0x00000000047D0000-memory.dmp

Filesize
128KB

Download
memory/2072-151-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2072-197-0x00000000047B0000-0x00000000047D0000-memory.dmp

Filesize
128KB

Download
memory/2088-81-0x0000000004A50000-0x0000000004A70000-memory.dmp

Filesize
128KB

Download
memory/2088-113-0x0000000004A50000-0x0000000004A70000-memory.dmp

Filesize
128KB

Download
memory/2088-65-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2120-106-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2168-63-0x0000000004970000-0x0000000004990000-memory.dmp

Filesize
128KB

Download
memory/2168-67-0x0000000004970000-0x0000000004990000-memory.dmp

Filesize
128KB

Download
memory/2168-64-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2168-104-0x00000000049D0000-0x00000000049F0000-memory.dmp

Filesize
128KB

Download
memory/2168-173-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2168-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2168-98-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2168-246-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2168-53-0x0000000004970000-0x0000000004990000-memory.dmp

Filesize
128KB

Download
memory/2188-139-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2196-142-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2284-129-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2284-110-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2312-82-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2312-114-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2368-204-0x0000000004A60000-0x0000000004A80000-memory.dmp

Filesize
128KB

Download
memory/2368-198-0x0000000004A60000-0x0000000004A80000-memory.dmp

Filesize
128KB

Download
memory/2368-131-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2432-108-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2432-125-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2436-77-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2436-105-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/2436-76-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/2460-80-0x00000000047B0000-0x00000000047D0000-memory.dmp

Filesize
128KB

Download
memory/2460-83-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2460-112-0x00000000047B0000-0x00000000047D0000-memory.dmp

Filesize
128KB

Download
memory/2484-123-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2484-103-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2492-132-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2508-202-0x00000000006F0000-0x0000000000710000-memory.dmp

Filesize
128KB

Download
memory/2508-220-0x00000000006F0000-0x0000000000710000-memory.dmp

Filesize
128KB

Download
memory/2536-160-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2684-73-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2684-207-0x0000000004920000-0x0000000004940000-memory.dmp

Filesize
128KB

Download
memory/2688-75-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2688-191-0x0000000004920000-0x0000000004940000-memory.dmp

Filesize
128KB

Download
memory/2688-54-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2688-187-0x0000000004920000-0x0000000004940000-memory.dmp

Filesize
128KB

Download
memory/2688-134-0x0000000004920000-0x0000000004940000-memory.dmp

Filesize
128KB

Download
memory/2716-156-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2844-140-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2936-145-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2936-137-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3000-159-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3004-87-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3004-66-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3016-107-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3016-124-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3020-158-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3228-185-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3688-195-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3696-189-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3992-218-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4012-210-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4020-211-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4032-212-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4040-213-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download