b0227c629746f5db124b013b19ff9de43985f1bfb938ce9f6e9106879b8bc19f

Analysis

max time kernel
14s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Size

1.8MB
MD5

70af57e52ed3223afb694347dd827140
SHA1

f967ad380adfd1221f4ebcf543812c43f5ad497b
SHA256

b0227c629746f5db124b013b19ff9de43985f1bfb938ce9f6e9106879b8bc19f
SHA512

22825952ce9f7e76227ee57b6717059d081bf8badfa433b9751e051865f3581e56de13bed0c9580501adcc28b4dfd8e67be1358a4cb65fc13aeb61527845ffa0
SSDEEP

24576:VS4goEe+oVDUN9hNhnZqaTUANRTRN9PhNv2MvDHmGbD2ZEy0SrihVTLdo7e/1AN+:YsmhdlLRVN9PjHmGD2WerILpKkdbJ

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 21 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4436-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob voyeur feet young (Liz).mpg.exe	upx
behavioral2/memory/2284-12-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/436-155-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4812-156-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3444-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1712-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/956-184-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4436-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4480-185-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4844-187-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4840-188-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/436-189-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4812-190-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3092-192-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/408-191-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3256-195-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3444-194-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2084-197-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2068-200-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4680-205-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4376-204-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4480-203-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3080-202-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1344-201-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4460-199-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/956-198-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1712-196-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4436-193-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/380-208-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4840-207-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4844-206-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2416-210-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1916-213-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4936-212-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2196-211-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1200-209-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3092-214-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5056-215-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4964-217-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3256-216-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2084-218-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/636-219-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2068-221-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4460-220-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3996-222-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5140-226-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5124-225-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3080-224-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5224-228-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5256-232-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5232-231-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5360-234-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/380-233-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4632-230-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4036-229-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4680-227-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5056-240-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5468-239-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1916-238-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4936-237-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5344-236-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2416-235-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5568-242-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

description	ioc	process
File opened (read-only)	\??\K:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\N:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\V:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\A:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\E:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\H:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\T:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\X:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\L:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\P:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\R:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\J:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\B:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\G:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\I:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\U:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\W:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\M:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\O:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File opened (read-only)	\??\S:	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

Processes:

70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\Temp\tyrkish horse hardcore hot (!) lady .avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish cum lesbian catfight mistress .avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish action hardcore masturbation balls .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian gang bang horse [bangbus] feet .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lesbian public black hairunshaved .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\beast [bangbus] hairy (Sonja,Karin).avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian nude xxx masturbation .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\danish handjob gay licking glans granny (Sarah).mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\american animal gay [bangbus] titts leather .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\blowjob several models glans young .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian nude lingerie several models hotel .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm public .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

Drops file in Program Files directory 17 IoCs

Processes:

70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\danish porn hardcore sleeping hole .avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\black fetish trambling [bangbus] fishy .mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\american cumshot blowjob hidden redhair .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish porn sperm lesbian cock castration (Samantha).avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian cumshot hardcore [milf] (Curtney).avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob voyeur feet young (Liz).mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\horse catfight (Janette).avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\gay sleeping redhair .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\xxx catfight bondage .avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\italian cumshot xxx masturbation hole girly .mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\american beastiality hardcore full movie hairy .avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian beastiality trambling several models black hairunshaved .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\sperm uncut titts sweet .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish action trambling catfight sm .mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\black kicking hardcore licking pregnant .mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\chinese gay full movie glans beautyfull .mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\indian kicking beast [bangbus] beautyfull .avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

Processes:

70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\danish gang bang fucking [free] .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\russian porn lingerie hot (!) cock gorgeoushorny .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\japanese nude lingerie [milf] stockings .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\security\templates\swedish kicking beast [free] cock balls .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\american animal blowjob hidden .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\bukkake girls feet .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\japanese beastiality trambling several models granny .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\french bukkake lesbian hole .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\japanese animal sperm licking boots (Sonja,Melissa).avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\sperm girls (Janette).rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\cum lesbian [free] .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\german bukkake several models (Janette).mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\black fetish hardcore big sm .avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\tyrkish handjob lesbian catfight femdom (Anniston,Janette).rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\french lingerie sleeping (Tatjana).mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\hardcore [bangbus] .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\gang bang lingerie licking mistress .avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\german bukkake [milf] redhair .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\xxx [bangbus] titts .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\german beast uncut glans blondie .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\norwegian blowjob full movie shoes .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\indian cum hardcore licking castration .avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\fucking [free] cock .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\japanese handjob lingerie [milf] femdom .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\action lesbian lesbian feet swallow (Karin).mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\danish action trambling [bangbus] titts balls .mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\german beast girls .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\nude lesbian [bangbus] .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\japanese fetish horse licking granny .mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\fucking licking titts fishy .mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian animal horse [free] titts (Sonja,Sylvia).rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\brasilian gang bang horse uncut hole shoes (Tatjana).zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\chinese lingerie uncut .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\cum sperm voyeur femdom .mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\brasilian kicking blowjob lesbian cock (Ashley,Sylvia).rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\handjob lingerie lesbian stockings .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\russian gang bang blowjob [milf] girly (Jenna,Sarah).zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\beast full movie bondage .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\indian porn xxx girls feet .avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\asian sperm girls pregnant .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\gay several models hole .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\danish handjob beast big cock (Anniston,Curtney).avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\japanese horse sperm uncut blondie .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\italian beastiality blowjob hot (!) lady .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\trambling lesbian feet (Britney,Curtney).rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\danish beastiality horse uncut .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\beast hot (!) swallow (Anniston,Karin).zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\bukkake masturbation cock hairy (Tatjana).mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\danish nude bukkake masturbation feet hotel .mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\spanish xxx [bangbus] hole .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\black kicking trambling sleeping titts pregnant .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\blowjob catfight mature .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\horse bukkake sleeping (Sarah).mpg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish kicking trambling hot (!) .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\italian nude bukkake [free] granny .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\asian hardcore [free] bedroom .avi.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\trambling hidden .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\cum trambling [free] .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\canadian sperm voyeur boots .mpeg.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie public circumcision .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish cum sperm hot (!) redhair .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\sperm catfight latex .rar.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\beast girls penetration .zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\american cumshot beast masturbation (Sarah).zip.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

pid	process
4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
408	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
408	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
3444	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
3444	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
1712	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
1712	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
956	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
956	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
1344	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
1344	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4480	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4480	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4376	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4376	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
408	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
408	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4844	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4844	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4840	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4840	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
3444	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
3444	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
1200	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
2196	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
1200	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
2196	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
3092	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
3092	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
1712	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
1712	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
956	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
956	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
3256	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
3256	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4436

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2284

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:436

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1712

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:1200

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
8⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
8⤵
PID:14088

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:10648

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:15108

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:15140

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:380

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:1428

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:11108

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:14256

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:15028

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:9240

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:12992

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:14292

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4480

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:10416

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:14240

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:10664

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:1116

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:14496

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:17304

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:11960

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:14040

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
PID:4460

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:15084

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:14544

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:9548

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:15076

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:14520

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:15092

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:11952

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:11748

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:408

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1344

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3256

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
8⤵
PID:14552

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:9872

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:14272

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:10844

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:15236

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:14560

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:17288

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:9448

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:15052

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:10440

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:14696

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:10952

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
PID:2084

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:15060

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:12108

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:11784

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:12412

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:14320

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:11280

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:14536

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:12696

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:14896

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:10780

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:14508

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4376

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:12832

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:14328

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:14580

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:17248

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:12268

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
PID:3080

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:11296

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:14528

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:9224

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:12764

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:14312

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:14064

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:11968

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:8820

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:11408

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4812

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:956

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3092

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
7⤵
PID:15196

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:11312

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:14264

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:10324

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:15172

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:15116

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:14396

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:14884

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:8224

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:11288

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:15068

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:11936

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:2196

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:636

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:14248

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:14404

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:15188

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:14956

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:17296

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:15124

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:15132

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:10332

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:15180

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:8316

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:15020

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:12840

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:14304

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:11544

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:16196

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3444

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4840

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
6⤵
PID:15212

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:10480

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:15228

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:9856

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:15100

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:8672

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:17020

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:9432

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:15044

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:10400

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:15220

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:15164

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:13116

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:14284

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:8784

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:14072

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4844

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
5⤵
PID:15204

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:14568

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:9380

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:15148

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:15156

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
PID:2068

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:11944

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:14052

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
4⤵
PID:15036

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:11976

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
2⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:10632

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:14080

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
2⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:11416

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
2⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
2⤵
PID:11272

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
3⤵
PID:16188

C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe"
2⤵
PID:3860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob voyeur feet young (Liz).mpg.exe

Filesize
867KB

MD5
5e71735d3c645c3df68afda5f3c10b66

SHA1
4f2fb678c9bd5f2739e9f667a6425fcc803594cb

SHA256
a649e18b454e1d525fbb16cf30d8f76f6f0e935c2edb5da5274b7926bc2de19c

SHA512
3e0b95c2f7025926918e852eef1f0205fa2edc2585adc1507232f643da7f26085ef5231958c0bbf197fbcc1ef1859e323fd28c5f03257495d122f1d507a43bb7

Download Submit
memory/380-233-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/380-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/408-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/436-189-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/436-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/636-219-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/956-184-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/956-198-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1200-209-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1344-201-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1712-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1712-196-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1916-213-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1916-238-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2068-221-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2068-200-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2084-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2084-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2196-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2284-12-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2416-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2416-235-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3080-224-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3080-202-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3092-214-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3092-192-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3256-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3256-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3444-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3444-194-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3996-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3996-222-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4036-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4376-204-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4436-345-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4436-193-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4436-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4436-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4460-199-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4460-220-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4480-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4480-203-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4632-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4680-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4680-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4812-156-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4812-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4840-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4840-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4844-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4844-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4936-212-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4936-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4964-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4964-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5056-215-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5056-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5124-225-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5140-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5140-226-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5224-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5224-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5232-231-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5232-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5256-254-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5256-232-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5312-256-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5344-236-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5360-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5360-234-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5448-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5468-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5468-239-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5568-242-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5568-265-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5588-268-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5588-243-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5608-269-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5608-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5720-272-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5720-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5780-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5780-275-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5852-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5852-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5860-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5912-259-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6008-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6096-261-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6124-262-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6184-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6220-266-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6228-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6276-270-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6296-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6308-271-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6328-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6440-276-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download

description	pid	process	target process
PID 4436 wrote to memory of 2284	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 2284	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 2284	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 2284 wrote to memory of 436	2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 2284 wrote to memory of 436	2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 2284 wrote to memory of 436	2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 4812	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 4812	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 4812	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 2284 wrote to memory of 408	2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 2284 wrote to memory of 408	2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 2284 wrote to memory of 408	2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 3444	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 3444	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 3444	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 436 wrote to memory of 1712	436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 436 wrote to memory of 1712	436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 436 wrote to memory of 1712	436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4812 wrote to memory of 956	4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4812 wrote to memory of 956	4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4812 wrote to memory of 956	4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 408 wrote to memory of 1344	408	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 408 wrote to memory of 1344	408	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 408 wrote to memory of 1344	408	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 2284 wrote to memory of 4376	2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 2284 wrote to memory of 4376	2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 2284 wrote to memory of 4376	2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 436 wrote to memory of 4480	436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 436 wrote to memory of 4480	436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 436 wrote to memory of 4480	436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 4844	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 4844	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 4844	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 3444 wrote to memory of 4840	3444	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 3444 wrote to memory of 4840	3444	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 3444 wrote to memory of 4840	3444	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 1712 wrote to memory of 1200	1712	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 1712 wrote to memory of 1200	1712	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 1712 wrote to memory of 1200	1712	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4812 wrote to memory of 2196	4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4812 wrote to memory of 2196	4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4812 wrote to memory of 2196	4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 956 wrote to memory of 3092	956	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 956 wrote to memory of 3092	956	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 956 wrote to memory of 3092	956	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 1344 wrote to memory of 3256	1344	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 1344 wrote to memory of 3256	1344	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 1344 wrote to memory of 3256	1344	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 408 wrote to memory of 2084	408	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 408 wrote to memory of 2084	408	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 408 wrote to memory of 2084	408	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 436 wrote to memory of 4460	436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 436 wrote to memory of 4460	436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 436 wrote to memory of 4460	436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 2068	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 2068	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4436 wrote to memory of 2068	4436	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 2284 wrote to memory of 3080	2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 2284 wrote to memory of 3080	2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 2284 wrote to memory of 3080	2284	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 3444 wrote to memory of 4680	3444	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 3444 wrote to memory of 4680	3444	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 3444 wrote to memory of 4680	3444	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe
PID 4812 wrote to memory of 4036	4812	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe	70af57e52ed3223afb694347dd827140_NeikiAnalytics.exe