39c467554a5005c87f5b4c41215e469e7f1285e7b877376e2da3170e8e13afef

Analysis

max time kernel
11s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
Size

1.1MB
MD5

828562b4fd7b9418420a5cc76a8b1050
SHA1

306ad22ea8f583f3516a44052d0547ad3d2d41e0
SHA256

39c467554a5005c87f5b4c41215e469e7f1285e7b877376e2da3170e8e13afef
SHA512

2f53c44fb26216fae231126828aeaec44f5d48c5295507b447cb534bdb3534a9d3d7e4114d953bc52dbb25c57b4dd4b273e1adf67a1a778e6b212e93cdc94287
SSDEEP

24576:lq8rn2WkudS/gic0vKNuWviq84MV/ZobLd3eBKyX:T0qSPe8ii34MVSbJMK6

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 11 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

description	ioc	process
File opened (read-only)	\??\L:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\M:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\T:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\X:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\G:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\J:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\K:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\N:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\O:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\S:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\W:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\H:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\B:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\E:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\P:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\R:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\U:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\A:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\V:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File opened (read-only)	\??\I:	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

Processes:

828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\Temp\hardcore uncut swallow (Jenna,Liz).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black nude trambling public .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\japanese horse lesbian big feet sm (Samantha).zip.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lesbian full movie .mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\hardcore hot (!) titts .avi.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish cum beast [bangbus] titts mature .mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie several models hole redhair (Curtney).rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\norwegian lesbian licking penetration .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\beast lesbian (Curtney).zip.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black horse lingerie voyeur feet beautyfull (Tatjana).rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\bukkake hidden granny .avi.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian kicking lingerie public hole .avi.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

Processes:

828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish horse blowjob big pregnant .mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\tyrkish handjob hardcore hot (!) .avi.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\swedish gang bang hardcore [bangbus] .mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\black kicking horse [bangbus] cock balls .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian cum sperm [free] glans .mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian nude blowjob hidden mistress .mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\beast licking 40+ (Gina,Melissa).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\bukkake [milf] femdom .zip.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\italian nude xxx lesbian feet .mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian action bukkake uncut .mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\lingerie uncut (Sarah).mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\tyrkish horse lingerie uncut cock swallow (Jade).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\hardcore big (Tatjana).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\japanese fetish hardcore [milf] hole redhair .mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\indian nude gay masturbation high heels (Christine,Karin).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\danish kicking horse public wifey .mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\indian action lingerie public hole .avi.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian porn lingerie licking bondage .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

Drops file in Windows directory 48 IoCs

Processes:

828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\swedish gang bang sperm big feet .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\norwegian lingerie girls young .mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\lesbian lesbian feet traffic (Sarah).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian cumshot fucking hidden hole granny (Sylvia).mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\lingerie hidden glans redhair (Samantha).mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\xxx voyeur sweet (Christine,Tatjana).avi.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\bukkake girls boots (Kathrin,Tatjana).zip.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\italian beastiality trambling [bangbus] feet penetration (Melissa).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\trambling voyeur .mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese gang bang lesbian masturbation titts 50+ .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\blowjob sleeping hole granny (Janette).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\canadian hardcore hot (!) pregnant .zip.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\gay full movie hole hotel (Sylvia).zip.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\norwegian trambling hidden ejaculation .zip.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\cum xxx [free] titts .mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese cum xxx [bangbus] cock gorgeoushorny .mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\italian handjob fucking public .mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian horse bukkake girls glans femdom .mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lingerie lesbian gorgeoushorny .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\indian cum xxx licking glans latex .mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\russian action trambling [milf] fishy .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\american beastiality trambling [milf] .mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\bukkake masturbation ash .zip.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse voyeur glans boots .mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish cum trambling sleeping shoes .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\chinese hardcore licking hole hotel (Janette).rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\japanese action blowjob [free] glans hairy (Liz).mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\gay several models .avi.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie sleeping cock girly (Curtney).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\security\templates\indian action horse hidden titts .avi.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\malaysia gay full movie hole Ôï (Karin).mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\indian animal blowjob sleeping girly .zip.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\swedish beastiality sperm voyeur hairy .mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\porn lingerie public (Sarah).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\sperm full movie castration .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\xxx voyeur .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\lingerie hidden glans sm .avi.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\american fetish trambling hot (!) ejaculation (Gina,Melissa).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\cum beast sleeping 40+ .avi.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian cumshot blowjob big cock gorgeoushorny .avi.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish handjob lesbian hot (!) (Tatjana).zip.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black kicking beast [milf] pregnant .mpeg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\british trambling [milf] feet fishy .zip.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\horse hot (!) hotel .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\lesbian lesbian (Tatjana).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\french hardcore uncut feet sm .rar.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\asian fucking girls (Karin).mpg.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 58 IoCs

Processes:

pid	process
3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4300	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4300	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3432	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3432	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4092	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4092	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3308	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3308	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
2108	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
2108	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3228	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3228	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
1924	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
1924	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
1404	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
1404	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4948	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4948	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4300	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4300	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
404	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
404	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3432	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
3432	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4160	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4160	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4092	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
4092	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3596

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3220

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4776

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4092

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4160

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
8⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
8⤵
PID:13644

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
8⤵
PID:17364

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:15728

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:9316

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:14072

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:15956

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:15244

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:14332

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:16196

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:11180

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:15572

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:10284

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:14292

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:13196

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:12756

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:18180

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4948

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:10748

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:14996

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:17340

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:10600

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:15900

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:10180

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:13808

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:14564

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:15208

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:13924

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:17196

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:15816

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:8556

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:13204

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:12468

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:17868

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:12364

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:17380

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
PID:5100

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:1404

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:11096

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:15160

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:17224

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:10504

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:15672

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:10252

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:13660

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:15976

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:14872

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:9396

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:13880

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:16272

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:15564

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:12940

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:18364

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:12432

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:17904

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:17372

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:11992

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:16428

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2108

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:13212

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:9328

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:13272

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:10572

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:14624

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:7828

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:15984

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:10360

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:15824

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:15832

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:14712

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:11052

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:15036

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:17844

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:11580

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:16344

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:9360

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:13332

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:13176

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:11072

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:13188

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:13424

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:15528

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:17232

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:11972

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:16312

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2220

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3432

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:404

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:13520

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
7⤵
PID:17396

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:10496

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:15660

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:13916

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:15012

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:14376

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:14080

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:7356

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:17172

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:15736

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:9212

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:17852

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:11964

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:16288

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:12948

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:18332

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:9320

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:13324

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3228

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:14236

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:17188

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:15604

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:9288

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:13128

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:12728

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:18172

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:9460

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:12852

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:412

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:13888

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:13316

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:9568

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:14092

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:17204

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:11984

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:16440

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:15200

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:12064

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:16820

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4300

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:1924

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:12032

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
6⤵
PID:17356

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:10484

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:15840

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:14400

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:13264

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:9884

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:13676

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:15536

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:10732

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:14928

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:17180

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:11564

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:16280

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:11088

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:15152

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:17388

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:12172

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:16788

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3308

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:13604

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:12448

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:17420

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
5⤵
PID:17860

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:12124

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:16776

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:11844

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:16296

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:15028

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:17216

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:11572

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:16112

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
2⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:9688

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:13592

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:12356

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:17428

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:12812

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:18208

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
2⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
4⤵
PID:15852

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:14392

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
2⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:14892

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
2⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
3⤵
PID:17588

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
2⤵
PID:11588

C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe"
2⤵
PID:16304

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian nude blowjob hidden mistress .mpg.exe
Filesize
1.4MB

MD5
c97aa469ee51621b8c642b5a99aef18b

SHA1
7fa6fb98f58ffbb620fb250e673f73163c9b936b

SHA256
6a1c037106f8a467190e7508e108868e469be910ed07991f672af7fd13a9cba5

SHA512
f2894399c5ee65f36a2da931257e8cea81d6500deb5c4e4926c3ce001b11b20e18e4c59f5828f990e327b234861d549438ebb01a06927ce5146a1e48303a508f

Download Submit
memory/404-208-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/404-188-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/412-263-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/412-235-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/620-201-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/620-219-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1136-212-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1136-196-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1404-185-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1404-205-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1924-203-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2108-183-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2108-199-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2220-142-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2220-191-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3220-26-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3220-189-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3228-202-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3308-184-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3308-200-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3432-167-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3556-195-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3556-211-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3568-221-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3596-323-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3596-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3596-511-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3596-187-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3884-215-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3988-265-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3988-239-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4044-210-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4044-194-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4092-198-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4160-209-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4236-193-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4300-197-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4300-165-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4480-220-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4520-204-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4520-223-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4528-217-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4776-143-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4776-192-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4948-186-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4948-206-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5100-164-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5188-207-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5188-224-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5228-226-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5304-228-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5348-230-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5424-233-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5424-213-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5432-234-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5596-237-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5604-236-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5612-238-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5612-216-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5636-218-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5636-240-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5744-241-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5792-247-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5792-222-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5800-248-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5924-250-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5940-225-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5940-253-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5948-257-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5948-227-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5956-258-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5968-254-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6000-262-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6056-260-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6064-229-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6064-261-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6168-270-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6280-269-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6304-275-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6304-242-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6312-276-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6312-243-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6332-277-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6332-244-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6340-245-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6340-278-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6360-271-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6368-246-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6368-279-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6500-272-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6508-273-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6568-249-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6640-251-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6648-252-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6672-256-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6716-255-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6764-259-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6964-264-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download

description	pid	process	target process
PID 3596 wrote to memory of 3220	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 3220	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 3220	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 2220	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 2220	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 2220	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3220 wrote to memory of 4776	3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3220 wrote to memory of 4776	3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3220 wrote to memory of 4776	3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3220 wrote to memory of 5100	3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3220 wrote to memory of 5100	3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3220 wrote to memory of 5100	3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 4300	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 4300	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 4300	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 2220 wrote to memory of 3432	2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 2220 wrote to memory of 3432	2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 2220 wrote to memory of 3432	2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4776 wrote to memory of 4092	4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4776 wrote to memory of 4092	4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4776 wrote to memory of 4092	4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3220 wrote to memory of 2108	3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3220 wrote to memory of 2108	3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3220 wrote to memory of 2108	3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 3308	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 3308	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 3308	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 2220 wrote to memory of 3228	2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 2220 wrote to memory of 3228	2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 2220 wrote to memory of 3228	2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4300 wrote to memory of 1924	4300	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4300 wrote to memory of 1924	4300	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4300 wrote to memory of 1924	4300	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4776 wrote to memory of 4948	4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4776 wrote to memory of 4948	4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4776 wrote to memory of 4948	4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3432 wrote to memory of 404	3432	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3432 wrote to memory of 404	3432	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3432 wrote to memory of 404	3432	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4092 wrote to memory of 4160	4092	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4092 wrote to memory of 4160	4092	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4092 wrote to memory of 4160	4092	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 2108 wrote to memory of 4236	2108	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 2108 wrote to memory of 4236	2108	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 2108 wrote to memory of 4236	2108	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3308 wrote to memory of 4044	3308	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3308 wrote to memory of 4044	3308	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3308 wrote to memory of 4044	3308	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3220 wrote to memory of 3556	3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3220 wrote to memory of 3556	3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3220 wrote to memory of 3556	3220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 1136	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 1136	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3596 wrote to memory of 1136	3596	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 2220 wrote to memory of 3884	2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 2220 wrote to memory of 3884	2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 2220 wrote to memory of 3884	2220	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4300 wrote to memory of 4528	4300	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4300 wrote to memory of 4528	4300	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4300 wrote to memory of 4528	4300	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4776 wrote to memory of 620	4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4776 wrote to memory of 620	4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 4776 wrote to memory of 620	4776	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe
PID 3432 wrote to memory of 3568	3432	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe	828562b4fd7b9418420a5cc76a8b1050_NeikiAnalytics.exe