97fe2996f274c8c30cded5b4103e7c6077e5fef5d3a9bbbe266a843db8e0bfa8

Analysis

max time kernel
15s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Size

1.3MB
MD5

697cd49a145913a2518e703133972d70
SHA1

967e67e3f6ec8a7c843a22e49dd5416503a2d6b3
SHA256

97fe2996f274c8c30cded5b4103e7c6077e5fef5d3a9bbbe266a843db8e0bfa8
SHA512

8b1370955997228b44d5782fe940a9a3cc10eb666894c1e7ae17f9af21108edc02a5d8e659a733ec346a63f189c6fecbd3ea741d00f00246c51a8b826424cd18
SSDEEP

24576:lq8xfsY0Z4U/EDtH2cWfrUKCKRmcZi/nCJf5cXilRdmI0jMA6suRaTmv6LSc5G73:JE2UO92rUTQmcynufh3hmMA6V/iLc7Oo

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

description	ioc	process
File opened (read-only)	\??\A:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\I:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\N:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\O:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\G:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\P:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\T:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\X:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\B:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\E:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\H:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\S:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\W:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\J:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\K:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\L:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\M:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\R:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\U:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File opened (read-only)	\??\V:	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

Processes:

697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake xxx lesbian sweet .zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\cum porn [milf] feet .mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\french sperm girls fishy .avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian blowjob girls beautyfull .avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\beast porn big fishy (Jenna).mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\handjob handjob sleeping mature (Sarah).mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\chinese hardcore several models young (Liz).zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\chinese fucking full movie feet (Sandy).avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\blowjob [free] .zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\gay uncut nipples blondie (Sonja,Sandy).avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gay big boobs girly .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake horse public .avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

Processes:

697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Temp\spanish fetish [milf] nipples hairy .mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian animal lesbian hidden .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian cumshot lesbian girls titts (Christine,Anniston).avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\russian lingerie trambling masturbation Ôï (Ashley,Anniston).zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\black lingerie nude masturbation legs leather (Anniston).mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish lesbian hot (!) vagina wifey (Jenna,Karin).rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\french beastiality sleeping boobs (Sarah).mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\cum [free] .zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish beastiality animal [bangbus] Ôï (Tatjana).avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\japanese horse uncut beautyfull .mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\american nude public mature (Kathrin,Samantha).avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\lesbian [bangbus] .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie girls .mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\swedish beast beastiality public granny (Gina,Britney).mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\chinese bukkake fetish licking glans ash .avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\blowjob trambling sleeping boots (Ashley).mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\tyrkish gang bang licking .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\tyrkish beast licking wifey (Jade,Gina).zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

Drops file in Windows directory 64 IoCs

Processes:

697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\hardcore several models (Gina,Sonja).mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\cumshot licking .avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\swedish xxx licking vagina .avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\danish animal sperm catfight fishy (Christine).avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\german horse girls vagina bedroom .zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\brasilian handjob cumshot catfight bedroom .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\nude fucking lesbian cock (Melissa,Jade).rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\italian horse public castration .zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\cum [bangbus] .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\nude voyeur shoes (Karin,Curtney).rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\handjob gang bang sleeping girly .avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\swedish beastiality lingerie hot (!) vagina beautyfull (Melissa).mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\french fucking several models upskirt (Sylvia,Karin).mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\swedish xxx full movie boots .mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\japanese animal [free] boobs castration .avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish xxx public mature (Jenna,Samantha).zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\cumshot cumshot lesbian feet .zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\japanese handjob fucking catfight (Tatjana,Liz).zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\american kicking trambling lesbian shoes .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\swedish gang bang big .mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\black kicking voyeur glans YEâPSè& (Melissa).rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\british beast uncut (Karin).zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\swedish cumshot animal hidden circumcision .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\action hot (!) bondage .mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\russian gang bang [free] young .mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\indian action xxx big feet ejaculation (Tatjana,Sylvia).mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\porn uncut femdom .mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\lingerie several models boobs bondage .zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\fucking gay girls titts stockings (Jade).zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\malaysia lesbian masturbation hole YEâPSè& (Karin,Karin).mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\malaysia beast trambling voyeur .zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black xxx masturbation hole leather .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\malaysia animal [bangbus] (Kathrin,Jade).mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\asian beast trambling girls (Anniston,Jenna).mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\indian blowjob public balls .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\african horse fucking hot (!) .mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\hardcore [milf] hole (Ashley).mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\african blowjob blowjob catfight .mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\russian animal sperm girls (Anniston).zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\malaysia hardcore catfight nipples .mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\danish horse gay several models cock ash (Samantha).mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\fetish gang bang sleeping .zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\horse beast catfight nipples .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\french xxx horse [milf] penetration (Ashley).zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\cum masturbation ash hairy (Samantha).avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\french fetish action girls (Gina,Sandy).rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\swedish horse several models ash penetration .mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\brasilian fucking cum licking lady (Ashley).mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\horse full movie (Jade,Samantha).rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\black gay girls femdom .zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\cumshot nude big vagina .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\danish bukkake animal big legs .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\norwegian gang bang [free] glans 40+ (Sonja).rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\cum [bangbus] nipples .mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\japanese nude public lady (Sarah).zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\chinese action girls stockings .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\norwegian porn action [free] .rar.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\british fucking uncut 40+ .avi.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\german gang bang horse [free] gorgeoushorny .mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\horse lesbian [bangbus] .mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish gang bang sleeping feet ejaculation .zip.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\swedish beast several models castration (Sandy,Janette).mpeg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\german horse [bangbus] hole castration .mpg.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

pid	process
220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
1752	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
1752	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
2880	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
2880	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
2756	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
2756	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4668	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4668	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4848	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4848	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
640	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
640	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
1752	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
1752	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
5108	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4632	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
5108	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4632	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
5008	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
5008	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
2880	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
2880	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
1608	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
1608	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
876	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
876	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4736	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4736	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
2756	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
2756	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4668	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4668	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4672	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
4672	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:220

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4724

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1080

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4668

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4736

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
8⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
8⤵
PID:15364

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
8⤵
PID:18784

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:8684

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:12052

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:15984

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:19104

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:11620

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:15540

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:18968

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:10912

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:15672

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:19096

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:8916

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:12376

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:19000

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:15372

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:19024

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:11460

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:15396

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18984

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:11604

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:15524

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18840

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18816

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8820

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:11500

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:15444

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18844

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:1608

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:11308

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:15380

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:19288

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:7676

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:8764

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:11580

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:15516

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18912

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:12188

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:15548

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18904

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18952

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:12548

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:15352

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18704

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18992

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8692

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:12252

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:16640

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:19348

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8892

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:12484

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:15248

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18520

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:17316

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18240

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:11484

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:15468

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:18896

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1752

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:640

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:628

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:11108

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:15192

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:18800

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:12044

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:15932

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:19340

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:12504

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:15240

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:12524

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18720

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:11588

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:15484

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18944

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4672

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:19080

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:11596

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:15476

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:19128

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:12540

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:15232

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:19032

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18744

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:11492

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:15452

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:18920

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4848

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18776

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8708

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:11660

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:16812

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:19364

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:12532

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:11792

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18712

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8812

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:11508

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:15272

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:18528

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:19040

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:12196

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:15224

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:12236

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:16152

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:19300

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:13396

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:15312

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:18696

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:8788

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:11468

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:15420

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:18928

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4692

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2756

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:876

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
7⤵
PID:19056

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:12244

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:16408

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:19324

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:12456

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:16960

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18080

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18832

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:11548

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:15428

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18880

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:11148

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:15700

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:19064

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:12368

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:17036

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:12392

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:13416

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18752

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:736

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:15200

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18888

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:11412

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:15388

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:19112

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4632

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:10904

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:13120

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18824

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8612

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:11668

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:16800

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:19356

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:11612

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:15508

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18792

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:12476

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:17108

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:17176

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:11524

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:15460

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:19120

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:19048

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:11692

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:16916

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:19392

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:12180

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:16584

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:19332

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:19072

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:12384

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:17076

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:18096

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2880

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:5108

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:15404

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
6⤵
PID:18960

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:12220

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:15556

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:19016

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:12228

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:16440

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:19316

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18736

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:11532

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:15264

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:756

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:18768

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:11564

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:15492

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:18864

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:12204

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:16196

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:19308

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:15564

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:18936

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:11556

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:15500

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:18976

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:5008

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
5⤵
PID:19088

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:11572

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:15532

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:19008

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:8596

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:11476

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:15216

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:18544

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:6948

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:12516

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:13316

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:18728

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:11540

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:15436

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:18856

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
2⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:10896

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
4⤵
PID:18760

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:12212

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:15256

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:18536

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
2⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:12496

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
3⤵
PID:18808

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
2⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
2⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
2⤵
PID:11516

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
2⤵
PID:15412

C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697cd49a145913a2518e703133972d70_NeikiAnalytics.exe"
2⤵
PID:18872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie girls .mpg.exe

Filesize
827KB

MD5
f5ef2d819b3036cfeb621776f0e7b03f

SHA1
8c3f3ef00be747acc3e73895ea43a80c88f068c1

SHA256
a8761e770b394512bf62632d13394266021f2246e3cc0b6feab089f692ae664a

SHA512
695bcd9d4c7261af4ed870433d1c98761ce6182942367d9106b108d1204b22b6126c97b10099a8acacfb13479c70353dbc06e0b75d395e8c56d88c9e84501e88

Download Submit
memory/220-195-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/220-311-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/220-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/220-186-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/220-380-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/628-207-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/628-235-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/640-185-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/876-212-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/876-192-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1080-189-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1240-223-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1240-199-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1608-190-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1608-208-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1752-193-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1752-168-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2392-230-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2392-202-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2404-229-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2404-201-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2644-231-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2644-203-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2756-197-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2756-172-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2880-196-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2880-169-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3192-217-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3612-221-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3828-206-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3828-233-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4632-188-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4656-222-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4668-173-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4672-198-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4692-143-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4692-191-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4724-187-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4724-21-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4736-194-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4848-200-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4848-184-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5008-204-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5108-205-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5132-238-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5132-209-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5140-239-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5140-210-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5148-240-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5148-211-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5160-241-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5236-245-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5236-213-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5292-250-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5344-255-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5352-218-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5352-256-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5360-219-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5360-257-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5372-226-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5372-268-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5384-258-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5400-259-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5408-220-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5408-260-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5420-269-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5420-227-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5428-270-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5428-228-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5436-261-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5444-263-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5452-224-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5452-264-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5460-265-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5468-271-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5476-266-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5484-225-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5484-267-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5544-273-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5716-274-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5716-232-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5724-277-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5724-234-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6208-236-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6224-237-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6232-242-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6240-243-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6284-244-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6304-247-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6356-246-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6416-248-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6424-249-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6692-262-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6788-272-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6948-275-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6968-276-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7020-278-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7028-279-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/7148-280-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download

description	pid	process	target process
PID 220 wrote to memory of 4724	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 4724	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 4724	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4724 wrote to memory of 1080	4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4724 wrote to memory of 1080	4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4724 wrote to memory of 1080	4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 4692	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 4692	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 4692	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4724 wrote to memory of 1752	4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4724 wrote to memory of 1752	4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4724 wrote to memory of 1752	4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 2880	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 2880	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 2880	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4692 wrote to memory of 2756	4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4692 wrote to memory of 2756	4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4692 wrote to memory of 2756	4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1080 wrote to memory of 4668	1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1080 wrote to memory of 4668	1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1080 wrote to memory of 4668	1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4724 wrote to memory of 4848	4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4724 wrote to memory of 4848	4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4724 wrote to memory of 4848	4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1752 wrote to memory of 640	1752	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1752 wrote to memory of 640	1752	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1752 wrote to memory of 640	1752	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 2880 wrote to memory of 5108	2880	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 2880 wrote to memory of 5108	2880	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 2880 wrote to memory of 5108	2880	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 5008	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 5008	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 5008	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4692 wrote to memory of 4632	4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4692 wrote to memory of 4632	4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4692 wrote to memory of 4632	4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1080 wrote to memory of 1608	1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1080 wrote to memory of 1608	1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1080 wrote to memory of 1608	1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 2756 wrote to memory of 876	2756	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 2756 wrote to memory of 876	2756	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 2756 wrote to memory of 876	2756	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4668 wrote to memory of 4736	4668	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4668 wrote to memory of 4736	4668	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4668 wrote to memory of 4736	4668	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4724 wrote to memory of 3192	4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4724 wrote to memory of 3192	4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4724 wrote to memory of 3192	4724	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1752 wrote to memory of 4672	1752	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1752 wrote to memory of 4672	1752	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1752 wrote to memory of 4672	1752	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 2880 wrote to memory of 3612	2880	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 2880 wrote to memory of 3612	2880	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 2880 wrote to memory of 3612	2880	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 4656	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 4656	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 220 wrote to memory of 4656	220	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4692 wrote to memory of 1240	4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4692 wrote to memory of 1240	4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 4692 wrote to memory of 1240	4692	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1080 wrote to memory of 2404	1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1080 wrote to memory of 2404	1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 1080 wrote to memory of 2404	1080	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe
PID 2756 wrote to memory of 2392	2756	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe	697cd49a145913a2518e703133972d70_NeikiAnalytics.exe