362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354

Analysis

max time kernel
11s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Size

1.1MB
MD5

d6649a6778c42d3a73da84e7926bc8b0
SHA1

9c52d5828c9a93a8c2eccb2587a032f9772f4003
SHA256

362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354
SHA512

cc1a33661a7ca8997f8095c591779d9af1478d65c3e14e5490c3d0e19146ddb974a3883b51fbfee70efca03834397dd2ad0139098aa8b8968cb818cba630b675
SSDEEP

24576:COyOuKpA9temTKNaX5SH/l16Vf0OPI/CXpgZ0u:CbOu6AfLKsgd0D8CuZR

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

description	ioc	process
File opened (read-only)	\??\U:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\V:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\A:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\I:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\L:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\N:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\P:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\T:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\G:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\O:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\S:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\R:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\W:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\B:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\E:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\H:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\K:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\M:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\X:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File opened (read-only)	\??\J:	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

Processes:

362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\canadian handjob [bangbus] 40+ .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cum hidden (Anniston).mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore [free] nipples (Sandy).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish porn uncut hole high heels .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\sperm uncut titts .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\american handjob kicking public .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian nude sleeping nipples traffic (Sonja,Liz).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian handjob beastiality hot (!) legs traffic (Jenna).mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\chinese fetish blowjob sleeping .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\chinese nude uncut shower .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\french lesbian masturbation .avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish sperm hot (!) mature (Curtney,Jade).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Drops file in Program Files directory 18 IoCs

Processes:

362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Templates\chinese cum [milf] ash .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\russian cumshot several models (Gina).mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\japanese animal beast girls vagina .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\african action [bangbus] ash (Jade,Samantha).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\gang bang masturbation legs ash .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\beastiality beastiality big .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\fucking sperm licking .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\tyrkish gang bang several models .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\british bukkake lesbian masturbation titts upskirt .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Update\Download\lingerie big legs black hairunshaved .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\cum blowjob hidden titts (Sandy,Janette).rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\animal trambling several models redhair (Tatjana,Samantha).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\asian gay xxx uncut .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\cum hot (!) fishy .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\danish cumshot nude [milf] stockings .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\japanese nude horse full movie upskirt (Liz).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\african fetish [bangbus] penetration .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\spanish blowjob lesbian .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Drops file in Windows directory 50 IoCs

Processes:

362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\brasilian beastiality [bangbus] girly (Gina).mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\blowjob voyeur titts penetration (Gina).mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\american fucking gay voyeur (Kathrin).mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\xxx several models glans .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\british horse cumshot hidden cock hairy (Christine,Britney).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\brasilian gang bang several models hole latex (Ashley,Britney).mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\african blowjob fucking lesbian gorgeoushorny .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse voyeur cock .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\german lesbian fucking licking blondie .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\animal xxx girls (Kathrin).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\malaysia lesbian blowjob hot (!) .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\gang bang girls .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\american beastiality full movie femdom .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\nude nude hot (!) bondage (Ashley).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\brasilian porn cum catfight .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\handjob sperm hot (!) YEâPSè& (Sonja,Liz).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\norwegian porn lesbian nipples swallow .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\gang bang gang bang several models .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\norwegian fucking cum catfight vagina (Samantha,Curtney).mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie several models 50+ (Kathrin,Curtney).zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\danish trambling bukkake licking femdom .avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\blowjob gay public .avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\tyrkish handjob xxx hot (!) lady .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\indian blowjob sperm [milf] sm (Sonja,Tatjana).mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\lingerie gay lesbian .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\blowjob gang bang girls titts bedroom .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\cumshot girls circumcision (Melissa,Jenna).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\danish fetish gang bang [milf] nipples 40+ (Jade,Sylvia).rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\danish fucking full movie circumcision (Liz,Ashley).mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\canadian porn licking pregnant (Britney).mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\japanese sperm gay public circumcision .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\chinese lingerie lingerie uncut castration (Anniston,Liz).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\security\templates\danish sperm voyeur .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\handjob blowjob several models bedroom .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\spanish horse voyeur boobs ejaculation .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian fucking gay [milf] gorgeoushorny .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\kicking xxx hot (!) stockings .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black cum cum masturbation granny .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\canadian trambling lesbian catfight penetration (Kathrin).rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\american fucking blowjob catfight feet Ôï .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\malaysia lesbian girls vagina ejaculation .mpg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\british horse lesbian young (Sylvia,Kathrin).mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\brasilian lingerie action catfight bondage .zip.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american lingerie masturbation .mpeg.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\japanese fetish lesbian hot (!) circumcision .avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\animal lingerie sleeping balls .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\russian blowjob public beautyfull (Melissa).avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\sperm licking .avi.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\bukkake animal full movie ash bondage .rar.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

Processes:

pid	process
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4504	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4504	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3592	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3592	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4972	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4972	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1100	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1100	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3844	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3844	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1952	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1952	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3092	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
3092	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
5012	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
5012	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1300

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2428

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4308

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3124

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4972

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
8⤵
PID:11316

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
8⤵
PID:12968

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:10100

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:14448

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:10480

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:14292

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:13612

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:13336

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:13104

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:10076

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:14408

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:10328

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:14992

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:12712

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:13684

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:1100

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:11652

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:7644

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:12900

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:636

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:13676

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:11872

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:13008

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10044

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:13320

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:10320

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:14936

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:13412

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:14976

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:14608

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:13176

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:13628

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3396

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4504

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:12992

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:14416

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:13080

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:408

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:13352

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:13604

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:12808

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:12860

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:14424

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:12832

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:13344

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10312

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:13644

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3592

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:1188

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:13496

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10296

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:14928

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:12748

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:14456

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:13404

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:8708

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:9428

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:13792

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:12840

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:10144

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:216

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:10632

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:13388

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:14472

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4440

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:704

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5012

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:10844

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:12848

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:14480

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:13000

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:8688

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
7⤵
PID:12824

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:13880

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:11248

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:14952

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:13016

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:212

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:10824

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:12876

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:14464

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:12868

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:14432

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:13396

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:13380

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3844

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:13120

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:12884

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:14384

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:13096

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:9080

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:13668

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:8564

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:14312

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:13088

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:10152

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:13128

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:14488

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:11936

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:10176

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:13660

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5084

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3092

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:10264

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:12984

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:14944

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
6⤵
PID:13024

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:14968

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:12800

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:388

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:14392

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:12892

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:13636

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:13872

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:13620

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:1952

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:10648

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:14960

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:7552

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:12976

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:14984

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
5⤵
PID:13112

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:13652

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:8296

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:12756

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:12912

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
2⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
4⤵
PID:13032

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:14400

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
2⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:10280

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:14440

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
2⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
3⤵
PID:13136

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
2⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
2⤵
PID:10168

C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe"
2⤵
PID:13328

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\animal trambling several models redhair (Tatjana,Samantha).zip.exe
Filesize
1.6MB

MD5
533bfd5cdb9825491a904f3dbd56be6d

SHA1
5222111d0ae75d302b0f148c0dc6f923eb69f428

SHA256
aabf5c1c85fe1a779171cdde83d03e2d30d54d7b197643ad5411c600ac50df89

SHA512
bbce1925d75ab23fb04598a47a8ae83f33b3cf33cb73f7f24fb5b3e495cf5507a4359a6fa2351e9cdd643ed49509d7afe5dc519284fbe981e1ea39e5da8cc299

Download Submit

description	pid	process	target process
PID 1300 wrote to memory of 2428	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 2428	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 2428	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 2428 wrote to memory of 4308	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 2428 wrote to memory of 4308	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 2428 wrote to memory of 4308	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 4440	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 4440	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 4440	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4308 wrote to memory of 3124	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4308 wrote to memory of 3124	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4308 wrote to memory of 3124	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 2428 wrote to memory of 3396	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 2428 wrote to memory of 3396	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 2428 wrote to memory of 3396	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4440 wrote to memory of 704	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4440 wrote to memory of 704	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4440 wrote to memory of 704	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 5084	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 5084	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 5084	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 3396 wrote to memory of 4504	3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 3396 wrote to memory of 4504	3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 3396 wrote to memory of 4504	3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4308 wrote to memory of 1100	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4308 wrote to memory of 1100	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4308 wrote to memory of 1100	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 3124 wrote to memory of 4972	3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 3124 wrote to memory of 4972	3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 3124 wrote to memory of 4972	3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 2428 wrote to memory of 3592	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 2428 wrote to memory of 3592	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 2428 wrote to memory of 3592	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4440 wrote to memory of 3844	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4440 wrote to memory of 3844	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4440 wrote to memory of 3844	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 1952	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 1952	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 1952	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 5084 wrote to memory of 3092	5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 5084 wrote to memory of 3092	5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 5084 wrote to memory of 3092	5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 704 wrote to memory of 5012	704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 704 wrote to memory of 5012	704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 704 wrote to memory of 5012	704	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 3124 wrote to memory of 4344	3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 3124 wrote to memory of 4344	3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 3124 wrote to memory of 4344	3124	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4308 wrote to memory of 2760	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4308 wrote to memory of 2760	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4308 wrote to memory of 2760	4308	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 3396 wrote to memory of 2440	3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 3396 wrote to memory of 2440	3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 3396 wrote to memory of 2440	3396	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4440 wrote to memory of 2288	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4440 wrote to memory of 2288	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 4440 wrote to memory of 2288	4440	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 2428 wrote to memory of 1072	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 2428 wrote to memory of 1072	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 2428 wrote to memory of 1072	2428	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 3384	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 3384	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 1300 wrote to memory of 3384	1300	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe
PID 5084 wrote to memory of 1572	5084	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe	362f4b21468484d6b00d9c72b30db49ee43303ccc362e87a3a14ff4c1b662354_NeikiAnalytics.exe