9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431

Analysis

max time kernel
23s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
Size

1.7MB
MD5

376c48ea583a16d6653e08d88da755f0
SHA1

a1e57e899ed60d8fe09cf40e4321608f61ba9f1f
SHA256

9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431
SHA512

86f11f5b223fd2756c62bf0b53adf230c0dd637cc1e780b5096730920715d29dc7a6055e5568568c1b9c667a489e05bbdc7bd0626ccb4330bd6a85476c90ab8c
SSDEEP

49152:hCocKFYGzP3Q6PKbD7mnDJ5zXbaRJKHuI4yD+EC8:soYG79PyDSnVhLazaurWnX

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\H:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\U:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\W:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\L:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\P:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\R:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\T:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\V:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\A:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\I:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\J:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\K:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\M:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\O:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\S:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\X:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\B:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\E:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File opened (read-only)	\??\N:	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe

Drops file in Program Files directory 11 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\fucking big 50+ .mpeg.exe	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\danish nude beast sleeping granny .mpg.exe	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\japanese animal sperm full movie boots (Sonja,Tatjana).mpg.exe	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse full movie (Curtney).rar.exe	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\gay sleeping latex .rar.exe	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian beastiality gay uncut hole granny .zip.exe	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\fucking girls titts granny (Jade).avi.exe	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\japanese porn gay full movie (Melissa).avi.exe	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\japanese kicking sperm girls pregnant .avi.exe	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake lesbian cock young .zip.exe	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\russian gang bang fucking full movie .rar.exe	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3484	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3484	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3228	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3228	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3548	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
3548	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
5116	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
5116	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 2188	3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	92
PID 3152 wrote to memory of 2188	3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	92
PID 3152 wrote to memory of 2188	3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	92
PID 3152 wrote to memory of 3484	3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	93
PID 3152 wrote to memory of 3484	3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	93
PID 3152 wrote to memory of 3484	3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	93
PID 2188 wrote to memory of 3228	2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	94
PID 2188 wrote to memory of 3228	2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	94
PID 2188 wrote to memory of 3228	2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	94
PID 3152 wrote to memory of 5116	3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	95
PID 3152 wrote to memory of 5116	3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	95
PID 3152 wrote to memory of 5116	3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	95
PID 2188 wrote to memory of 3548	2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	96
PID 2188 wrote to memory of 3548	2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	96
PID 2188 wrote to memory of 3548	2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	96
PID 3484 wrote to memory of 1212	3484	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	97
PID 3484 wrote to memory of 1212	3484	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	97
PID 3484 wrote to memory of 1212	3484	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	97
PID 3228 wrote to memory of 3384	3228	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	98
PID 3228 wrote to memory of 3384	3228	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	98
PID 3228 wrote to memory of 3384	3228	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	98
PID 3152 wrote to memory of 4048	3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	99
PID 3152 wrote to memory of 4048	3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	99
PID 3152 wrote to memory of 4048	3152	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	99
PID 2188 wrote to memory of 4232	2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	100
PID 2188 wrote to memory of 4232	2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	100
PID 2188 wrote to memory of 4232	2188	9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe	100

C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3152
- C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        7⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        8⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        7⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        7⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        7⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        7⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        7⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:960
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:852
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:11684
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        7⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:12316
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:456
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:12280
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:11828
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:11348
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:1912
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:12812
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:9768
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:12940
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:11820
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:11544
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:10920
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:7592
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:10172
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:10152
- C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3484
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:10736
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:10912
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:12308
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:11804
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:12220
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:11692
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:2080
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:13320
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:9088
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:8596
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:8680
- C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        6⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:10700
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:13412
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:10888
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:9792
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:13064
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:9524
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:12820
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:8688
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:8468
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:10880
- C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
  2⤵
  PID:4048
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:13096
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
        5⤵
        
        PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:12324
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:11912
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:10972
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:7576
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:9284
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:12468
- C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
  2⤵
  PID:4908
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:5012
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
      4⤵
      PID:11920
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:7708
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:10684
- C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
  2⤵
  PID:5172
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:7996
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:10220
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:8860
- C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
  2⤵
  PID:6064
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:10544
- C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
  2⤵
  PID:7192
- - C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
    3⤵
    PID:5648
- C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
  2⤵
  PID:9032
- C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9ca962dbf2aa9b9ec8a8ba55772d3c7d9510c2d9546fe01128c1adb185f87431_NeikiAnalytics.exe"
  2⤵
  PID:11812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4144 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse full movie (Curtney).rar.exe

Filesize
1.4MB

MD5
a873d6b59e495d778ccf2e76ba9e5994

SHA1
d9bc48293baa5c9e5e7dc98132ae72264651bb73

SHA256
65af9623fd6a0347bb1ac771fe7cd22f2ca0b1c47037c9ad2fb39957fe6cf3b6

SHA512
f37c4a6847f4f438f05f77b15e35f45c2825d6926e294ae3305f9b252a37e42174cb2b3475fa97b1e585edefe2b3fe3c9a163631bd24093c97125bad8331301c

Download Submit