Analysis
-
max time kernel
150s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
15/05/2024, 10:58
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe
Resource
win7-20240419-en
4 signatures
150 seconds
General
-
Target
cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe
-
Size
783KB
-
MD5
cc3fbf3f80bfbaf5d16717b81500c860
-
SHA1
f2fef8ea8c34302bce93fb0be3efb7d26a12c6f4
-
SHA256
dd88e5d49d2c52dc1b9be99bf0f4ebc6f971cb64a4455674a4cc2a7fed0fd6a1
-
SHA512
64a323d62d7fc7165c9e4534d4284d290442ecf2844b199402901b8e4ad746bb378a3309f11e2b09d506c6837ab44baea407d853dadb5149a7c4fc503eecd4f7
-
SSDEEP
12288:M13ULO2oiSGUGHp2O0GnhGyv9JBrn+KNBKVaJqav+Y8vyQA5DRz:M9sO2G1gp2wUqBrn/BM61C
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\7-Zip\Uninstall.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\7-Zip\7z.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe Process not Found File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\dotnet\dotnet.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe Process not Found File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\dotnet\dotnet.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\7-Zip\7z.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\7-Zip\7z.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\dotnet\dotnet.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\7-Zip\7z.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\7-Zip\7zFM.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\7-Zip\7z.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\dotnet\dotnet.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\dotnet\dotnet.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe Process not Found File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe Process not Found File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe Process not Found File opened for modification C:\Program Files\dotnet\dotnet.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\7-Zip\7z.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\7-Zip\7z.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\7-Zip\7z.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe Process not Found File opened for modification C:\Program Files\7-Zip\7z.exe Process not Found File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\7-Zip\7z.exe Process not Found File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe Process not Found File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\7-Zip\7z.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe Process not Found File opened for modification C:\Program Files\7-Zip\7zG.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\dotnet\dotnet.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\dotnet\dotnet.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe File opened for modification C:\Program Files\7-Zip\7z.exe cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe -
Program crash 64 IoCs
pid pid_target Process procid_target 4068 4620 WerFault.exe 134 2784 4492 WerFault.exe 131 5248 4420 WerFault.exe 133 3084 4616 WerFault.exe 130 2528 5188 WerFault.exe 157 3032 4620 WerFault.exe 134 4568 4616 WerFault.exe 130 4296 3956 WerFault.exe 153 7608 4588 WerFault.exe 271 7880 4588 WerFault.exe 271 8348 6124 WerFault.exe 272 8584 6124 WerFault.exe 272 8972 1156 WerFault.exe 273 9208 1156 WerFault.exe 273 1512 7356 WerFault.exe 363 8348 7432 WerFault.exe 366 9548 7460 WerFault.exe 368 9748 7640 WerFault.exe 377 9588 7976 WerFault.exe 398 9772 7976 WerFault.exe 398 8852 8032 WerFault.exe 395 8736 8060 WerFault.exe 393 7812 4364 WerFault.exe 83 9500 4364 WerFault.exe 83 8056 2976 WerFault.exe 84 6640 2976 WerFault.exe 84 6164 4416 WerFault.exe 87 8912 4416 WerFault.exe 87 6364 2728 WerFault.exe 81 9996 2728 WerFault.exe 81 4720 1676 WerFault.exe 85 10412 1676 WerFault.exe 85 2092 4748 WerFault.exe 125 11900 2428 WerFault.exe 209 12348 1956 WerFault.exe 208 12936 5280 WerFault.exe 215 12948 5268 WerFault.exe 214 11320 9220 WerFault.exe 481 5616 9444 WerFault.exe 488 5412 11092 WerFault.exe 812 11652 5340 WerFault.exe 163 3952 2340 WerFault.exe 193 7872 4592 WerFault.exe 202 4324 2304 Process not Found 207 7656 11092 Process not Found 812 7424 4748 Process not Found 125 9564 6776 Process not Found 325 5772 6776 Process not Found 325 4692 11928 Process not Found 1140 3688 6116 Process not Found 1141 9140 8292 Process not Found 1146 904 11792 Process not Found 1159 12780 2156 Process not Found 1180 5888 6116 Process not Found 1141 4796 6812 Process not Found 327 12148 6812 Process not Found 327 7592 10136 Process not Found 584 3988 10136 Process not Found 584 1172 11132 Process not Found 956 11828 11132 Process not Found 956 5472 7960 Process not Found 399 12340 7868 Process not Found 404 7680 7908 Process not Found 402 8736 7844 Process not Found 405 -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2232 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2232 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2728 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2728 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3680 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3680 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 4364 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 4364 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2976 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2976 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 1676 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 1676 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2184 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2184 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 4416 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 4416 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 4360 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 4360 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2168 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2168 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 896 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 896 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2164 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2164 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 1664 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 1664 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2932 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2932 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2868 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2868 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 1160 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 1160 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2116 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2116 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 4992 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 4992 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3796 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3796 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 4924 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 4924 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3784 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3784 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 4368 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 4368 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 1808 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 1808 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 1820 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 1820 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 5104 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 5104 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3704 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3704 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 588 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 588 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3596 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3596 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 1124 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 1124 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3348 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3348 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3332 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 3332 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2656 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 2656 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2232 wrote to memory of 2728 2232 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 81 PID 2232 wrote to memory of 2728 2232 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 81 PID 2232 wrote to memory of 2728 2232 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 81 PID 2728 wrote to memory of 3680 2728 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 82 PID 2728 wrote to memory of 3680 2728 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 82 PID 2728 wrote to memory of 3680 2728 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 82 PID 3680 wrote to memory of 4364 3680 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 83 PID 3680 wrote to memory of 4364 3680 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 83 PID 3680 wrote to memory of 4364 3680 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 83 PID 4364 wrote to memory of 2976 4364 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 84 PID 4364 wrote to memory of 2976 4364 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 84 PID 4364 wrote to memory of 2976 4364 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 84 PID 2976 wrote to memory of 1676 2976 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 85 PID 2976 wrote to memory of 1676 2976 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 85 PID 2976 wrote to memory of 1676 2976 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 85 PID 1676 wrote to memory of 2184 1676 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 86 PID 1676 wrote to memory of 2184 1676 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 86 PID 1676 wrote to memory of 2184 1676 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 86 PID 2184 wrote to memory of 4416 2184 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 87 PID 2184 wrote to memory of 4416 2184 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 87 PID 2184 wrote to memory of 4416 2184 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 87 PID 4416 wrote to memory of 4360 4416 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 88 PID 4416 wrote to memory of 4360 4416 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 88 PID 4416 wrote to memory of 4360 4416 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 88 PID 4360 wrote to memory of 2168 4360 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 89 PID 4360 wrote to memory of 2168 4360 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 89 PID 4360 wrote to memory of 2168 4360 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 89 PID 2168 wrote to memory of 896 2168 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 90 PID 2168 wrote to memory of 896 2168 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 90 PID 2168 wrote to memory of 896 2168 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 90 PID 896 wrote to memory of 2164 896 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 91 PID 896 wrote to memory of 2164 896 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 91 PID 896 wrote to memory of 2164 896 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 91 PID 2164 wrote to memory of 1664 2164 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 92 PID 2164 wrote to memory of 1664 2164 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 92 PID 2164 wrote to memory of 1664 2164 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 92 PID 1664 wrote to memory of 2932 1664 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 93 PID 1664 wrote to memory of 2932 1664 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 93 PID 1664 wrote to memory of 2932 1664 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 93 PID 2932 wrote to memory of 2868 2932 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 94 PID 2932 wrote to memory of 2868 2932 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 94 PID 2932 wrote to memory of 2868 2932 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 94 PID 2868 wrote to memory of 1160 2868 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 95 PID 2868 wrote to memory of 1160 2868 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 95 PID 2868 wrote to memory of 1160 2868 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 95 PID 1160 wrote to memory of 2116 1160 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 96 PID 1160 wrote to memory of 2116 1160 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 96 PID 1160 wrote to memory of 2116 1160 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 96 PID 2116 wrote to memory of 4992 2116 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 97 PID 2116 wrote to memory of 4992 2116 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 97 PID 2116 wrote to memory of 4992 2116 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 97 PID 4992 wrote to memory of 3796 4992 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 98 PID 4992 wrote to memory of 3796 4992 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 98 PID 4992 wrote to memory of 3796 4992 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 98 PID 3796 wrote to memory of 4924 3796 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 99 PID 3796 wrote to memory of 4924 3796 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 99 PID 3796 wrote to memory of 4924 3796 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 99 PID 4924 wrote to memory of 3784 4924 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 100 PID 4924 wrote to memory of 3784 4924 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 100 PID 4924 wrote to memory of 3784 4924 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 100 PID 3784 wrote to memory of 4368 3784 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 101 PID 3784 wrote to memory of 4368 3784 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 101 PID 3784 wrote to memory of 4368 3784 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 101 PID 4368 wrote to memory of 1808 4368 cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe 102
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2232 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2728 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3680 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"4⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4364 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"5⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2976 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"6⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1676 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"7⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"8⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4416 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"9⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4360 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"10⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2168 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:896 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"12⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2164 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"13⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1664 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"14⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2932 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"15⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2868 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"16⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1160 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"17⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2116 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"18⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4992 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"19⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3796 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"20⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4924 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"21⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3784 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"22⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4368 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"23⤵
- Suspicious behavior: EnumeratesProcesses
PID:1808 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"24⤵
- Suspicious behavior: EnumeratesProcesses
PID:1820 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"25⤵
- Suspicious behavior: EnumeratesProcesses
PID:5104 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"26⤵
- Suspicious behavior: EnumeratesProcesses
PID:3704 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"27⤵
- Suspicious behavior: EnumeratesProcesses
PID:588 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"28⤵
- Suspicious behavior: EnumeratesProcesses
PID:3596 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"29⤵
- Suspicious behavior: EnumeratesProcesses
PID:1124 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"30⤵
- Suspicious behavior: EnumeratesProcesses
PID:3348 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"31⤵
- Suspicious behavior: EnumeratesProcesses
PID:3332 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2656 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"33⤵PID:3988
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"34⤵PID:2276
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"35⤵PID:2040
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"36⤵PID:4032
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"37⤵PID:3116
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"38⤵PID:4460
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"39⤵PID:2464
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"40⤵PID:4920
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"41⤵PID:2404
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"42⤵PID:3340
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"43⤵PID:4904
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"44⤵
- Drops file in Program Files directory
PID:4748 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"45⤵PID:2936
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"46⤵PID:1008
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"47⤵PID:3764
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"48⤵PID:4356
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"49⤵PID:4616
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"50⤵PID:4492
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"51⤵PID:1132
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"52⤵
- Drops file in Program Files directory
PID:4420 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"53⤵
- Drops file in Program Files directory
PID:4620 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"54⤵
- Drops file in Program Files directory
PID:540 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"55⤵PID:4448
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"56⤵
- Drops file in Program Files directory
PID:4884 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"57⤵
- Drops file in Program Files directory
PID:4844 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"58⤵
- Drops file in Program Files directory
PID:1636 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"59⤵
- Drops file in Program Files directory
PID:2820 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"60⤵PID:892
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"61⤵PID:2120
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"62⤵PID:3956
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"63⤵
- Drops file in Program Files directory
PID:5188 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"64⤵PID:5340
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"65⤵PID:5740
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"66⤵PID:6068
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"67⤵PID:6088
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"68⤵PID:6140
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"69⤵PID:3104
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"70⤵
- Drops file in Program Files directory
PID:3980 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"71⤵
- Drops file in Program Files directory
PID:4636 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"72⤵PID:4392
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"73⤵PID:2736
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"74⤵PID:4980
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"75⤵
- Drops file in Program Files directory
PID:2340 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"76⤵PID:4880
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"77⤵PID:2696
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"78⤵PID:4700
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"79⤵PID:2780
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"80⤵PID:4020
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"81⤵PID:4592
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"82⤵PID:2652
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"83⤵PID:4624
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"84⤵PID:3584
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"85⤵PID:2664
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"86⤵PID:2304
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"87⤵
- Drops file in Program Files directory
PID:1956 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"88⤵PID:2428
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"89⤵PID:2176
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"90⤵
- Drops file in Program Files directory
PID:5156 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"91⤵
- Drops file in Program Files directory
PID:5172 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"92⤵PID:5224
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"93⤵PID:5268
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"94⤵PID:5280
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"95⤵PID:5388
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"96⤵PID:5488
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"97⤵
- Drops file in Program Files directory
PID:5196 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"98⤵PID:5472
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"99⤵PID:5504
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"100⤵
- Drops file in Program Files directory
PID:5516 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"101⤵PID:5560
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"102⤵PID:5368
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"103⤵PID:5440
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"104⤵PID:5412
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"105⤵PID:5476
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"106⤵PID:5772
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"107⤵
- Drops file in Program Files directory
PID:5584 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"108⤵PID:5596
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"109⤵PID:5612
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"110⤵PID:5628
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"111⤵PID:5644
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"112⤵
- Drops file in Program Files directory
PID:5664 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"113⤵PID:5676
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"114⤵
- Drops file in Program Files directory
PID:5692 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"115⤵
- Drops file in Program Files directory
PID:5712 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"116⤵PID:5832
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"117⤵PID:5896
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"118⤵PID:5768
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"119⤵PID:5796
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"120⤵
- Drops file in Program Files directory
PID:5736 -
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"121⤵PID:5856
-
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"122⤵PID:5904
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-