Analysis
max time kernel: 15s
max time network: 120s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/05/2024, 10:58
Behavioral task: behavioral1
Sample: cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
General
Target: cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe
Size: 168KB
MD5: cc329d234d765aa9303f4adb7f375f40
SHA1: ef9735853990c3ff819cafe5ff2d1e647e15a67d
SHA256: 313469f1fde18b04328f2a186e3bcb84d498ef8bd9ff62f16126550c77f6e8dd
SHA512: ba90ad8fc5d9876005c15786d4fa346e6ba77ab55c9ec40fa389be95545e4edfb05b935ea4a3ca8af7f52d0d389b75306a224ab55da29d0b5ec07c36439d6224
SSDEEP: 3072:ECjbLl/gvQoutt1Tj4mYWR/R4nkPR/1aVuyJNb8DRlEEmA45yckOVAZmLTb0pCu:tjluQoSDIo5R4nM/40yJNbLA4COSZgM
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 16 IoCs
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
Set value (str): \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 12 IoCs
-
Drops file in Program Files directory 18 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4076 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1736 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4548 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:848 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:2924 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4128 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2132 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:4408 -
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:13112
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:17320
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:6704
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:12020
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:13040
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:17060
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:8948
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:23392
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13424
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:18332
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:4928
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:6180
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:10108
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:19328
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:13008
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:17044
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:8000
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:19496
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:10384
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:15164
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:19532
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13212
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:17920
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:5420
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:8900
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:20804
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13448
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:18348
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:6760
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13384
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:18604
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:8972
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:20780
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:13440
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:18340
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:2032 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:436
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:6288
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:10032
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:23400
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:1848
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:18048
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:7684
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:15244
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:20436
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:10000
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:18080
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13228
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:17944
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:5380
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:7784
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:19304
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:10188
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:18096
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13292
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:17976
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:6800
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:12036
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13032
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:18428
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:9084
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:20452
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:13320
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:18168
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:1140
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:6476
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:10760
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:19468
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13188
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:17372
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:8236
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:19512
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:11072
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:15260
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:19540
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:13152
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:18372
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:5452
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:8348
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:19504
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:11376
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:13088
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:17100
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:6768
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:13336
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:17460
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:8912
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:20932
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:13560
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:17436
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2436 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1820 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:2548 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:8
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:6312
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:1252
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:13104
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:17388
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:7824
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:19476
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:10196
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:14904
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:23144
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:13268
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:17992
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:5396
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:8244
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:19996
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:11180
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:14540
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:19556
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:13120
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:17340
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:6776
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:14832
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:19604
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:9056
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:20940
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13328
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:19272
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵
- Suspicious behavior: EnumeratesProcesses
PID:1088 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:6172
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:10948
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:14880
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:19580
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:13136
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:17348
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:7692
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:15252
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:19572
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:9512
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:19360
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13276
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:18000
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:5460
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:7132
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:13392
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:18308
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:9316
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:20924
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:2040
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:17452
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:6904
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:12060
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13016
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:17116
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:9380
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:20844
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:13000
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:17028
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3064 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:1456
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:6204
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:11516
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:13080
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:17092
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:7596
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:14852
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:20476
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:10052
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:15376
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:20468
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:1308
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:17960
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:5372
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:9280
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:20836
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:3168
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:18184
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:6936
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13376
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:18388
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:9532
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:17640
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:4600
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:19524
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:456
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:6188
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:2068
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:19344
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13220
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:17904
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:7776
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:20908
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:9908
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:18104
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:12992
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:17052
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:5436
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:7256
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:17468
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:11040
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:16972
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:13128
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:17604
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:6736
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:12216
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:12976
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:16132
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:23564
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:8996
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:20428
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:13400
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:18364
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3840 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
PID:3784 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:5224
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:5312
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:9764
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"7⤵PID:20916
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:12960
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:18128
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:7604
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:14760
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:19548
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:10060
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:17912
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:11700
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:18412
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:5340
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:8760
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:20372
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:11868
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13072
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:17068
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:6792
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:952
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:18112
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:8932
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:20420
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:14388
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:19636
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:1960
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:6220
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:10156
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:18088
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:13260
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:18024
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:7840
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:19320
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:9904
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:17756
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:13284
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:17984
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:5412
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:7612
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:20868
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:8580
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:19288
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:13308
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:18016
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:7024
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:1972
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:18152
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:9288
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:20892
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:5052
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:18064
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4000 -
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:3280
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:6156
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:9948
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"6⤵PID:20788
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:4988
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:18120
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:7928
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:19312
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:10676
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:14888
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:6648
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:15204
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:19564
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:5428
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:8492
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:20004
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:11292
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:12984
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:17076
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:6752
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:12068
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:13024
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:17036
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:9064
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:20900
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:13344
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:18160
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"2⤵PID:2740
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:6232
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:9828
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"5⤵PID:14108
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:1604
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:18420
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:7644
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:14776
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:19596
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:372
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:19296
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:13300
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:18008
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"2⤵PID:5468
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:8404
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"4⤵PID:20384
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:10360
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:13096
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:17108
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"2⤵PID:6784
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:636
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:18136
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"2⤵PID:9104
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"3⤵PID:20820
-
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"2⤵PID:3312
-
-
C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cc329d234d765aa9303f4adb7f375f40_NeikiAnalytics.exe"2⤵PID:18144
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\fucking nude girls .rar.exe
Filesize 1.4MB
-
Filesize 146B