2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86

Analysis

max time kernel
9s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
Size

1.4MB
MD5

bb79e055b6ad691023039e7a523bcbb0
SHA1

537754dc925ba1994fc7f4480cb4edd5a372bae6
SHA256

2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86
SHA512

c58dd2310091fb839f4b558f6f634b12d1bdd768bdee0739717d3cbfc458b01971809e853dc719a4dcfdc5dda015ceac3c19493f22cc8a55d1c61eb9b50ca906
SSDEEP

24576:Ch2ZjGCCr8Hf/NVPrusZmWXNRJNfl5cWVElB958RfcUWiJEvJmZ83tmEljXeAY4e:CkZ9Hf/NIs/N/d4WVEj78uFiJEvJo8IL

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

description	ioc	process
File opened (read-only)	\??\N:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\V:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\G:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\H:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\I:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\L:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\W:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\A:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\B:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\E:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\P:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\R:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\J:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\K:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\M:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\T:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\U:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\X:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\O:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File opened (read-only)	\??\S:	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

Drops file in System32 directory 4 IoCs

Processes:

2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian gang bang beast [free] gorgeoushorny .avi.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\lingerie girls femdom .mpg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese nude lingerie [milf] glans .mpg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\beast licking titts .mpeg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

Drops file in Program Files directory 20 IoCs

Processes:

2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\beast lesbian .zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\danish porn horse catfight titts shower .avi.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\sperm uncut feet bedroom (Liz).zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian cumshot blowjob catfight (Melissa).zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\tyrkish kicking sperm voyeur hole wifey .mpg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian animal trambling full movie feet 40+ .rar.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\russian nude xxx [bangbus] 40+ .mpeg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish cum blowjob girls cock (Ashley,Tatjana).zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\russian nude blowjob hot (!) circumcision .mpg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese nude hardcore public glans YEâPSè& .mpg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\danish nude xxx hidden swallow .mpg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUA671.tmp\hardcore sleeping balls .rar.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\hardcore voyeur cock .avi.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\italian beastiality blowjob voyeur titts girly .zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFD7095D-03FC-4A5C-948B-20FAB1B69302}\EDGEMITMP_4CFFA.tmp\gay sleeping titts high heels .mpg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\bukkake [milf] feet beautyfull .rar.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\trambling [free] lady .mpeg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\american cum lingerie full movie titts girly (Sylvia).rar.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\brasilian kicking lingerie catfight circumcision .zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\italian animal hardcore sleeping penetration .mpeg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

Drops file in Windows directory 24 IoCs

Processes:

2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\sperm [bangbus] boots (Kathrin,Jade).avi.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\russian animal gay several models glans .rar.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\hardcore uncut .mpeg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\japanese kicking xxx hidden .zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\japanese handjob gay [bangbus] .zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\american kicking bukkake full movie wifey .mpg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian licking upskirt .rar.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm uncut .zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\indian animal gay voyeur high heels .mpeg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\trambling [milf] feet upskirt (Janette).zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\hardcore lesbian .zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish action blowjob several models (Liz).rar.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish nude trambling catfight hole bedroom (Sarah).mpg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\russian animal sperm hidden traffic (Ashley,Jade).avi.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\russian fetish lesbian voyeur femdom .rar.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black gang bang trambling [milf] fishy .avi.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\security\templates\lesbian several models feet beautyfull (Janette).avi.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\xxx [bangbus] (Samantha).mpeg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\lingerie catfight feet Ôï .mpg.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\british lingerie full movie .zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gay [milf] .zip.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black cum beast several models wifey .avi.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\american gang bang hardcore voyeur 40+ (Sonja,Liz).avi.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 30 IoCs

Processes:

pid	process
2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
4292	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
4292	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
4956	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
4956	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
3648	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
3648	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
4292	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
976	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
976	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
4292	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
3756	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
3756	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
848	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
848	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
4956	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
4956	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 39 IoCs

Processes:

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2280

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2376

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4956

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:848

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
7⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
8⤵
PID:13296

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
7⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
7⤵
PID:11800

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
7⤵
PID:11368

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:10316

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:13736

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
7⤵
PID:11772

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:11292

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:10616

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:13716

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:12780

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
7⤵
PID:11724

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:10348

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:13980

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:13520

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:10476

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:14160

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:13700

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:10300

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:13728

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:7356

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:13144

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:9424

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:12328

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3756

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
7⤵
PID:13152

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:11816

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:10440

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:14232

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:11520

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:9348

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:12184

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:13964

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:9468

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:12576

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:11436

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:8612

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:11232

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:11376

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:9992

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:13328

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:6544

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:13336

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:12144

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:12412

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:11792

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4292

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3648

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
7⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:12620

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:13192

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:9432

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:12684

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:8840

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:11648

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:12544

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:12316

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:11808

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:9340

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:12220

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:7180

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:13248

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:9256

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:12100

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:13800

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:12536

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:11916

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:12764

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:13572

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:9856

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:13060

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:10324

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:13860

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:13288

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:9240

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:12136

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:976

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
6⤵
PID:11716

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:11072

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:10424

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:14048

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:14184

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:13124

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:10684

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:9440

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:12628

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:14000

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:9460

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:12560

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
2⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
5⤵
PID:11512

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:10948

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:9224

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:12172

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:14056

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:12568

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
2⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:13644

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
4⤵
PID:13708

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:12772

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
2⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:11964

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
2⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
3⤵
PID:12528

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
2⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe"
2⤵
PID:11976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3028,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:8
1⤵
PID:1400

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\hardcore voyeur cock .avi.exe
Filesize
989KB

MD5
e904899200da7dd346d14d085466794d

SHA1
17d00d746aa5bf947446765fc75b5628256bb7ba

SHA256
38e071d8a511a17a108d44c0d102a9327ef2d90f90f5429d378a6a4f83d25207

SHA512
15055e8b0f402e570a8aa6cc02c43934e7f1423a8d0141cc66c1581cc521b1d43f86071bcb0f5d59dca9a79ce985308595e8a8258e1331934a95ca652bdda7c7

Download Submit

description	pid	process	target process
PID 2280 wrote to memory of 2376	2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2280 wrote to memory of 2376	2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2280 wrote to memory of 2376	2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2280 wrote to memory of 4292	2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2280 wrote to memory of 4292	2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2280 wrote to memory of 4292	2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2376 wrote to memory of 4956	2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2376 wrote to memory of 4956	2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2376 wrote to memory of 4956	2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 4292 wrote to memory of 3648	4292	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 4292 wrote to memory of 3648	4292	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 4292 wrote to memory of 3648	4292	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2280 wrote to memory of 976	2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2280 wrote to memory of 976	2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2280 wrote to memory of 976	2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2376 wrote to memory of 3756	2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2376 wrote to memory of 3756	2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2376 wrote to memory of 3756	2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 4956 wrote to memory of 848	4956	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 4956 wrote to memory of 848	4956	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 4956 wrote to memory of 848	4956	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 4292 wrote to memory of 2800	4292	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 4292 wrote to memory of 2800	4292	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 4292 wrote to memory of 2800	4292	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 3648 wrote to memory of 2992	3648	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 3648 wrote to memory of 2992	3648	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 3648 wrote to memory of 2992	3648	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2376 wrote to memory of 2080	2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2376 wrote to memory of 2080	2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2376 wrote to memory of 2080	2376	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2280 wrote to memory of 2004	2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2280 wrote to memory of 2004	2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 2280 wrote to memory of 2004	2280	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 4956 wrote to memory of 2344	4956	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 4956 wrote to memory of 2344	4956	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 4956 wrote to memory of 2344	4956	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 976 wrote to memory of 2820	976	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 976 wrote to memory of 2820	976	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe
PID 976 wrote to memory of 2820	976	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe	2d879a5f2a86c1a8dcb59885cc830b012a2a171d0c79aa0582f22d34f94f7b86_NeikiAnalytics.exe