369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae

Analysis

max time kernel
14s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Size

1.8MB
MD5

5739315e71b132b6ea380e634bb7ee30
SHA1

8a70cb0d163ece05dde8b67dd85e1db1d98a7017
SHA256

369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae
SHA512

03fc3ab1eeb33ab1b5c576e0fd9f7e4b2fc4c2169e3a11b63eaa4625a586b3c7be6ba4e273c1c45672133f12794eedb19b7682ccb5c153b651ed6e248ba505f1
SSDEEP

24576:oWpxSC/25QUGibGGNUkT+tK4DMdGvT8x1ZtBNvdn4C3yqJZbH2gwy5uN1je3tRA3:VpPmGibXTMROnTn4CCIZbFY2tRq0qL

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

description	ioc	process
File opened (read-only)	\??\G:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\J:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\K:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\L:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\Q:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\R:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\W:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\E:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\H:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\I:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\U:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\V:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\X:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\Z:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\Y:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\A:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\B:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\M:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\N:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\O:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\P:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\T:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File opened (read-only)	\??\S:	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

Drops file in System32 directory 12 IoCs

Processes:

369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian horse trambling masturbation cock .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\sperm girls feet .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese kicking beast hot (!) feet .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\System32\DriverStore\Temp\danish fetish lingerie hot (!) glans .avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\trambling public glans ejaculation (Jade).avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\brasilian cum lesbian uncut .avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\swedish cumshot beast girls (Tatjana).rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lingerie several models young .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\FxsTmp\sperm uncut titts high heels (Samantha).mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black porn fucking hidden .mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black nude beast licking femdom .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake [milf] (Sarah).mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

Drops file in Program Files directory 20 IoCs

Processes:

369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files (x86)\Google\Update\Download\hardcore [bangbus] mature (Sandy,Liz).mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\american fetish blowjob several models .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8B19.tmp\danish beastiality lingerie several models 50+ (Christine,Samantha).zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american animal bukkake big YEâPSè& (Anniston,Melissa).avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\german horse voyeur blondie .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\danish beastiality bukkake girls hole granny .avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\fucking big 40+ .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\indian nude horse licking shower .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\hardcore lesbian feet hairy (Sylvia).zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{012F12C5-F267-46F5-BABE-4C602515640C}\EDGEMITMP_0327D.tmp\russian horse gay girls cock .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\tyrkish animal xxx girls young .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse full movie leather .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\xxx licking bondage .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish action beast voyeur .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\swedish beastiality blowjob licking young .avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\american action bukkake [bangbus] cock lady .avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\tyrkish gang bang sperm licking YEâPSè& .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Google\Temp\blowjob [milf] traffic .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Microsoft\Temp\japanese nude bukkake hidden glans sweet .mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\hardcore uncut .mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

Drops file in Windows directory 62 IoCs

Processes:

369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\american handjob blowjob uncut hole wifey (Jade).mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\gay [bangbus] .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\japanese cum sperm licking glans .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\bukkake big sweet .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\russian action horse public 40+ .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\russian handjob xxx full movie redhair (Anniston,Samantha).avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\black horse gay sleeping .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish animal trambling [free] glans .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\italian gang bang lesbian [free] hole black hairunshaved .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\bukkake full movie hole 40+ (Karin).zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\blowjob lesbian stockings .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\gang bang trambling hot (!) feet blondie .avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\cumshot lesbian [milf] young .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\gay uncut feet leather .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\horse public (Sarah).avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\italian cumshot horse full movie glans balls .mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\sperm uncut hole .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\chinese sperm [bangbus] 50+ .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\assembly\temp\italian porn lesbian public boots .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\brasilian beastiality lingerie full movie boots .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\nude trambling hot (!) stockings .mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\sperm hidden hole YEâPSè& (Melissa).mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\german lesbian big glans granny (Sarah).mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\xxx [bangbus] .mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\asian xxx girls glans redhair .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\british trambling full movie beautyfull .mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\american action horse sleeping gorgeoushorny .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\security\templates\danish beastiality hardcore licking hole .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\hardcore voyeur fishy .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\xxx [bangbus] cock .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\bukkake girls stockings (Gina,Sylvia).rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\american handjob fucking licking hairy .avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\action sperm uncut cock .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\horse sperm several models .mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\action lingerie girls young .avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese gang bang lesbian catfight young .mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\InputMethod\SHARED\danish beastiality blowjob [bangbus] .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\sperm catfight high heels .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\Downloaded Program Files\norwegian beast uncut ash .avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\PLA\Templates\swedish animal horse big cock .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\swedish cumshot horse big high heels .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\british fucking several models .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx masturbation cock (Christine,Curtney).rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\russian action beast catfight black hairunshaved .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\fucking [milf] cock .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\mssrv.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american fetish sperm hot (!) hole (Sonja,Samantha).mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\american cumshot fucking hot (!) .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\animal fucking public (Jade).mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\swedish kicking horse hot (!) balls .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\CbsTemp\trambling several models glans ìó (Liz).avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese nude bukkake hidden .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\kicking gay uncut femdom .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\beastiality xxx [bangbus] .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\beast licking hotel .rar.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\british lingerie catfight ejaculation .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\swedish animal lesbian big .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\norwegian trambling sleeping hole 40+ .avi.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\lesbian sleeping glans .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\russian action sperm several models .mpg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\assembly\tmp\danish cum lingerie sleeping titts .zip.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\african bukkake voyeur glans beautyfull .mpeg.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

pid	process
3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
2076	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
2076	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3640	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3640	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4544	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4544	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4196	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4196	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4404	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4404	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
2076	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
2076	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
1756	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
1756	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3464	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3464	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3600	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3600	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3640	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3640	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
1228	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
1228	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
2308	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
2308	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3192	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3192	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4740	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4740	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4544	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4544	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4216	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4216	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
2076	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
2076	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4196	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4196	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4404	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
4404	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3768	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
3768	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3968

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4180

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3836

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4544

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:2308

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
8⤵
PID:9320

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
9⤵
PID:18208

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
8⤵
PID:13324

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
8⤵
PID:1060

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
8⤵
PID:16116

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
8⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:15740

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
8⤵
PID:15344

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
8⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:11636

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:15596

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:15700

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:8672

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:11572

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:18508

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:15684

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:18616

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:11344

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:8312

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:15368

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:11296

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:18608

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15400

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15548

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:12392

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3464

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:12632

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:15328

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:12684

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15788

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:11308

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:18052

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15772

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15676

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:18632

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:11280

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:18624

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:13368

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:372

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:18900

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:9568

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15756

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:8376

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15612

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:11436

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15732

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:9688

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:14096

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:16500

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:12912

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15300

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3640

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1756

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
8⤵
PID:15556

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:12464

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:15532

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:15572

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:10148

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:18184

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15764

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:18328

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:11328

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15580

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:12920

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:3768

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:9516

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:11852

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:13440

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15464

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15376

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:17692

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15448

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:13108

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:18500

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:13092

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3600

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:18980

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15708

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:16468

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:10388

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15648

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:11368

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:12304

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15280

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:18476

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:16132

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:16476

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:12408

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15496

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15912

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:12384

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15508

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15812

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:11004

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:11352

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15384

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:11272

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15308

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15392

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:13788

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:17460

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:12340

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:15336

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2076

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4404

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4216

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
8⤵
PID:18200

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:15516

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:10412

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15636

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:8880

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:18516

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:12780

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15456

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:10380

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15724

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15692

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15604

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15716

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:7284

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:13708

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15540

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:11380

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:14248

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15356

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:10252

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:9276

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:16460

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:13048

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15320

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4740

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:9464

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15620

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15416

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:13452

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:16516

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:12188

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15488

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15332

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:12452

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:640

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:16492

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15644

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:11404

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:17468

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15408

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:12472

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15524

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:8616

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:16124

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:12400

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:10924

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4196

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3192

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:9556

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
7⤵
PID:18216

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15668

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15884

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15432

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:15588

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
6⤵
PID:18960

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:12364

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15472

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15748

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:18060

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15660

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15780

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:18968

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:18192

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:14332

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:13604

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15440

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:11184

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15480

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:12356

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:428

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:16140

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:12060

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:1228

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:13360

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:15564

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:9584

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:16776

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:14328

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:14508

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:8436

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:12024

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15264

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:13100

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15292

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:528

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
2⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:9380

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
5⤵
PID:18068

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:13352

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:13304

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:15316

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:16484

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:15424

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
2⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
4⤵
PID:17452

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:11336

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:15628

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
2⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
2⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
3⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
2⤵
PID:12296

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
2⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe"
2⤵
PID:6948

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\xxx licking bondage .mpeg.exe
Filesize
1.6MB

MD5
63cb8e3107bf7b7409f12c22f0e6f2e7

SHA1
ebae30705d9e6084912ca61c6870e7975d3ff1d8

SHA256
d62b898e07bc0d9f69f802b5e6a201d40283ff23e6b15d6c6c402989618d89ac

SHA512
cbe0e3113a2ad75d850ae09d59cdd29582603677b33dae21801b87154414c1b5ee673b0518ced512f492973fd76afba0f7034e993a772a293565de5730a9f094

Download Submit

description	pid	process	target process
PID 3968 wrote to memory of 4180	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 4180	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 4180	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4180 wrote to memory of 3836	4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4180 wrote to memory of 3836	4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4180 wrote to memory of 3836	4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 2076	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 2076	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 2076	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3836 wrote to memory of 4544	3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3836 wrote to memory of 4544	3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3836 wrote to memory of 4544	3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4180 wrote to memory of 3640	4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4180 wrote to memory of 3640	4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4180 wrote to memory of 3640	4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 4196	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 4196	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 4196	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 2076 wrote to memory of 4404	2076	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 2076 wrote to memory of 4404	2076	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 2076 wrote to memory of 4404	2076	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3640 wrote to memory of 1756	3640	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3640 wrote to memory of 1756	3640	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3640 wrote to memory of 1756	3640	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3836 wrote to memory of 3464	3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3836 wrote to memory of 3464	3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3836 wrote to memory of 3464	3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4180 wrote to memory of 3600	4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4180 wrote to memory of 3600	4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4180 wrote to memory of 3600	4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 1228	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 1228	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 1228	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4544 wrote to memory of 2308	4544	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4544 wrote to memory of 2308	4544	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4544 wrote to memory of 2308	4544	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 2076 wrote to memory of 4740	2076	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 2076 wrote to memory of 4740	2076	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 2076 wrote to memory of 4740	2076	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4196 wrote to memory of 3192	4196	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4196 wrote to memory of 3192	4196	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4196 wrote to memory of 3192	4196	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4404 wrote to memory of 4216	4404	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4404 wrote to memory of 4216	4404	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4404 wrote to memory of 4216	4404	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4180 wrote to memory of 1736	4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4180 wrote to memory of 1736	4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4180 wrote to memory of 1736	4180	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3640 wrote to memory of 3768	3640	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3640 wrote to memory of 3768	3640	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3640 wrote to memory of 3768	3640	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3836 wrote to memory of 1792	3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3836 wrote to memory of 1792	3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3836 wrote to memory of 1792	3836	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4544 wrote to memory of 1860	4544	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4544 wrote to memory of 1860	4544	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 4544 wrote to memory of 1860	4544	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3464 wrote to memory of 2712	3464	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3464 wrote to memory of 2712	3464	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3464 wrote to memory of 2712	3464	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 1220	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 1220	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 3968 wrote to memory of 1220	3968	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe
PID 1756 wrote to memory of 3920	1756	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe	369d33eff7d9a89c54965b2c02e273f7c5dfb7c417a731f5f8e748ba829b2aae_NeikiAnalytics.exe