3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0

Analysis

max time kernel
11s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
Size

635KB
MD5

d499851756cad4fd4a40a464deb60e00
SHA1

afe4777959450bb9eacc51d771d9abc69fde2d0e
SHA256

3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0
SHA512

195ac559ba0552eb22e3804fd035817c4d7f7b98235f24afb37a86ae9a0b0de7f4889de44fbcf7f15ffc9b5717a0e1e98e47b8255de4395e729d596cc83ea49c
SSDEEP

12288:dXCNi9B1pXCb3mQQPR5cJtaG51SmHIW813HJwiBcI8G2mLrASJZssmpP:oW1EqjcJtl5cOIr1ZwiGXG2ArPlCP

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

description	ioc	process
File opened (read-only)	\??\K:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\S:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\T:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\U:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\W:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\I:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\N:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\V:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\L:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\J:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\O:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\P:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\R:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\B:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\E:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\G:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\H:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\M:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\X:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File opened (read-only)	\??\A:	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

Processes:

3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\SysWOW64\config\systemprofile\russian porn lingerie hidden glans (Anniston,Sylvia).rar.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\norwegian horse catfight glans .mpg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian nude beast [bangbus] .avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie [free] hole girly (Liz).rar.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish porn fucking uncut cock .zip.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american horse fucking lesbian swallow .avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\american handjob gay several models .rar.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black kicking sperm hidden (Curtney).avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm hidden titts gorgeoushorny .rar.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian kicking beast several models swallow .mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\danish cumshot gay [bangbus] hole mature .mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish animal horse uncut feet .mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

Processes:

3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Templates\sperm [bangbus] titts .rar.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\lesbian girls sm .mpg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\japanese horse beast voyeur titts bondage .zip.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian nude hardcore several models stockings .mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\danish nude gay [free] feet swallow .mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\indian action sperm public blondie .avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\italian cumshot sperm several models cock .avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\danish porn gay [bangbus] \Û .mpg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\chinese trambling masturbation blondie .zip.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\russian nude bukkake hidden sweet .avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\bukkake uncut .mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse [bangbus] .zip.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese handjob xxx sleeping feet 50+ (Janette).zip.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish kicking sperm licking (Sylvia).avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\beast public castration (Anniston,Curtney).zip.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\horse [bangbus] redhair (Gina,Sarah).avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish horse sperm public feet boots (Liz).avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\italian handjob blowjob voyeur boots (Anniston,Sylvia).rar.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

Drops file in Windows directory 28 IoCs

Processes:

3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\italian fetish gay licking glans shoes (Liz).mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie girls circumcision .zip.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish cum bukkake uncut young .mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\blowjob catfight hole .mpg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black action sperm licking glans YEâPSè& (Tatjana).mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\blowjob sleeping feet .zip.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\horse uncut circumcision (Jenna,Tatjana).mpg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\sperm lesbian (Sarah).mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\russian action lesbian [free] girly .zip.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\russian horse hardcore girls glans .zip.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\gay several models sm .rar.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\blowjob uncut titts shower (Tatjana).avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian cumshot trambling [bangbus] black hairunshaved .mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\trambling [milf] sm .rar.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\danish handjob gay sleeping titts girly .rar.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\lesbian lesbian hole fishy .avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\italian porn trambling lesbian (Sylvia).rar.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish nude lingerie licking pregnant .avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\indian action hardcore sleeping balls .mpg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\italian kicking trambling hidden .mpg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\security\templates\beast girls .mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\russian fetish hardcore masturbation .avi.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\chinese lesbian hidden beautyfull .mpg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lesbian catfight cock bondage (Tatjana).zip.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\blowjob lesbian titts .mpg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\black horse lesbian voyeur (Janette).zip.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\italian gang bang beast several models glans swallow (Janette).mpeg.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 60 IoCs

Processes:

3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

pid	process
1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1620	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1620	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1972	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1972	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
4448	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
4448	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
3004	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
3004	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
2336	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
2336	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1040	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1040	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
60	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
60	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
972	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
972	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1620	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1620	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1972	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1972	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1592	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1592	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
4620	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
4620	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1848	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
1848	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
4448	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
4448	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
5040	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
5040	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1980

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2968

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3176

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3004

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:5040

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
7⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
8⤵
PID:12272

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
7⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
7⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
7⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
7⤵
PID:11388

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:9324

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:12876

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:13116

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4620

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
7⤵
PID:12172

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:10576

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:11828

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:12956

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4448

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:1848

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
7⤵
PID:12264

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:12004

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:13264

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:60

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:12016

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:9612

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:9464

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:13056

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:9740

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:11852

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:8752

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:11436

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:12388

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:12964

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:10912

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5028

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1620

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:972

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
7⤵
PID:12376

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:10696

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:7644

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:13048

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:11632

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2336

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:10736

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:12576

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:9288

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:12824

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:12596

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:11396

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:13096

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:12220

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:12280

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:11076

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1972

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1592

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
6⤵
PID:12204

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:10264

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:10568

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:12448

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:8424

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1040

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
5⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:9628

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:9296

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:12800

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
2⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:9236

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:12584

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:12396

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
2⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
4⤵
PID:13032

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:12024

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
2⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
3⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
2⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe"
2⤵
PID:11108

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\bukkake uncut .mpeg.exe
Filesize
1018KB

MD5
5b7d194439a6aae32b7dce2e730754a3

SHA1
d8f599d57c445da2ccc08cc7a98729b3b562a9e5

SHA256
950836d52a8a8a5c1f0215a319988237fbb6c08846e66fc9387b5aae9841b677

SHA512
b25d9ff0e099ef9a5287d6d9bd14e266d7f5cb5f5472a3466f5ec609de4f205ed9e1619e5ad31ed4227555468697a0e6ce5d53174a8792654b4aee4da81a073a

Download Submit
memory/60-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/972-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1420-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1620-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1840-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1848-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1972-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1980-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1980-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2336-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2928-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2968-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2968-15-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3004-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3136-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3620-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3916-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4448-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5028-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5140-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5168-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5180-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5208-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5248-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5356-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5376-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5396-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5468-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5540-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5564-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5576-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5588-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5616-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5800-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5860-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5900-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5984-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6056-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6080-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6096-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6104-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6112-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6124-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6132-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6204-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6332-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6352-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6360-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6380-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6420-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6444-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6584-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6592-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6600-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6704-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6844-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7052-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7120-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7224-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7328-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7372-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7452-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7544-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7600-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7608-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7644-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7704-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7812-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7820-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7896-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7928-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7940-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8100-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8128-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8232-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8300-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8308-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8416-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8424-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8432-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8752-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8760-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8828-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9052-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9060-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9156-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9236-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9324-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9464-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9472-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9560-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9612-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9628-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9732-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9740-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9776-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download

description	pid	process	target process
PID 1980 wrote to memory of 2968	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 2968	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 2968	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 5028	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 5028	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 5028	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2968 wrote to memory of 3176	2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2968 wrote to memory of 3176	2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2968 wrote to memory of 3176	2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 5028 wrote to memory of 1620	5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 5028 wrote to memory of 1620	5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 5028 wrote to memory of 1620	5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 1972	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 1972	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 1972	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2968 wrote to memory of 4448	2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2968 wrote to memory of 4448	2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2968 wrote to memory of 4448	2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 3176 wrote to memory of 3004	3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 3176 wrote to memory of 3004	3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 3176 wrote to memory of 3004	3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 5028 wrote to memory of 2336	5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 5028 wrote to memory of 2336	5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 5028 wrote to memory of 2336	5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 1040	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 1040	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 1040	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2968 wrote to memory of 60	2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2968 wrote to memory of 60	2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2968 wrote to memory of 60	2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 3176 wrote to memory of 4620	3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 3176 wrote to memory of 4620	3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 3176 wrote to memory of 4620	3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1620 wrote to memory of 972	1620	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1620 wrote to memory of 972	1620	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1620 wrote to memory of 972	1620	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1972 wrote to memory of 1592	1972	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1972 wrote to memory of 1592	1972	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1972 wrote to memory of 1592	1972	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 4448 wrote to memory of 1848	4448	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 4448 wrote to memory of 1848	4448	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 4448 wrote to memory of 1848	4448	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 3004 wrote to memory of 5040	3004	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 3004 wrote to memory of 5040	3004	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 3004 wrote to memory of 5040	3004	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 5028 wrote to memory of 1756	5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 5028 wrote to memory of 1756	5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 5028 wrote to memory of 1756	5028	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 3620	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 3620	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1980 wrote to memory of 3620	1980	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2968 wrote to memory of 3916	2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2968 wrote to memory of 3916	2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2968 wrote to memory of 3916	2968	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 3176 wrote to memory of 4068	3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 3176 wrote to memory of 4068	3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 3176 wrote to memory of 4068	3176	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1972 wrote to memory of 2928	1972	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1972 wrote to memory of 2928	1972	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1972 wrote to memory of 2928	1972	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2336 wrote to memory of 3172	2336	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2336 wrote to memory of 3172	2336	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 2336 wrote to memory of 3172	2336	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe
PID 1620 wrote to memory of 3280	1620	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe	3503bcf9ce675d8ce7e982cb8402178de966bf8f1de4fa3c5a8ef68065e058c0_NeikiAnalytics.exe